[jboss-user] [JBoss Seam] - Seam Security: isUserInRole() expression
jeffconstantin
do-not-reply at jboss.com
Tue Apr 10 15:35:36 EDT 2007
What is required to use isUserInRole() to control component rendering as follows:
rendered="#{isUserInRole['admin']}"
Any help is very much appreciated.
This check is always returning false even though I am sure the user has the "admin" role. At least I can see the role being added to the Identity bean in my Authenticator bean.
System.out.println("User: " + Identity.instance().getUsername() + " Adding Role: " + userRole.getRole()); // debug trace: one stdout line per role granted (excerpt from the role loop in Authenticator.authenticate())
| Identity.instance().addRole(userRole.getRole()); // the role is recorded on the Seam Identity instance
|
Output From my Authenticator bean:
15:26:32,301 INFO [STDOUT] User: constant Adding Role: admin
| 15:26:32,301 INFO [STDOUT] User: constant Adding Role: user
|
I think the authenticator.authenticate is working properly because I can use the rendered="#{identity.loggedIn}" successfully. However, I cannot get the isUserInRole() function to work.
My Environment:
1. jboss-seam-1.2.1.GA
2. jboss-4.0.5.GA AS with EJB3 profile
3. Seam Security "simplified mode" - this mode supports authentication services and simple role-based security checks.
Components.xml
| <?xml version="1.0" encoding="utf-8"?>
| <components xmlns="http://jboss.com/products/seam/components"
| xmlns:core="http://jboss.com/products/seam/core"
| xmlns:security="http://jboss.com/products/seam/security"
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
| xmlns:framework="http://jboss.com/products/seam/framework"
| xsi:schemaLocation=
| "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-1.2.xsd
| http://jboss.com/products/seam/components http://jboss.com/products/seam/components-1.2.xsd
| http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-1.2.xsd
| http://jboss.com/products/seam/security http://jboss.com/products/seam/security-1.2.xsd">
|
| <security:identity authenticate-method="#{authenticator.authenticate}"/> <!-- login is delegated to the authenticate() method of the "authenticator" component; this is the only security: element in the file -->
|
| <component name="org.jboss.seam.core.init">
| <property name="myFacesLifecycleBug">true</property>
| <property name="jndiPattern">seamapp/#{ejbName}/local</property>
| </component>
| <component name="entityManager" class="org.jboss.seam.core.ManagedPersistenceContext"> <!-- supplies the "entityManager" component that Authenticator injects -->
| <property name="persistenceUnitJndiName">java:/seamappEntityManagerFactory</property>
| </component>
|
| <!-- this will create the ejb objects for the selectItems -->
| <framework:entity-query name="colors" ejbql="select d from EdmColors d" />
| <framework:entity-query name="cars" ejbql="select d from EdmCars d" />
| <framework:entity-query name="yesnos" ejbql="select d from EdmBoolean d" />
|
| </components>
|
Authenticator Bean
package com.cox.edm;
|
| import java.util.List;
|
| import javax.ejb.Stateless;
| import javax.persistence.EntityManager;
| import javax.persistence.NoResultException;
| import javax.persistence.Query;
|
| import org.jboss.seam.annotations.In;
| import org.jboss.seam.annotations.Name;
| import org.jboss.seam.core.FacesMessages;
| import org.jboss.seam.security.Identity;
|
/**
 * Seam component "authenticator": checks the submitted credentials against the database and
 * loads the user's roles into the Seam {@code Identity}.
 *
 * <p>NOTE(review): the credential query matches the submitted password directly against the
 * {@code password} column, which suggests passwords are stored unhashed. Confirm, and prefer
 * verifying against a salted, slow password hash (bcrypt/scrypt/argon2).
 *
 * <p>NOTE(review): roles granted here are held by the Seam {@code Identity}. This listing does
 * not show whether the {@code isUserInRole} expression reads them or asks the servlet
 * container instead; confirm which source it consults before relying on it for role checks.
 */
@Name("authenticator")
public class Authenticator {

    // Injected by Seam; create = true asks Seam to create the component when it is absent.
    @In(create = true)
    private EntityManager entityManager;

    /**
     * Authenticates the username/password currently held by the Seam {@code Identity}.
     *
     * <p>On a match, every {@code EdmUserRoles} row for the username is traced to stdout and
     * added to the {@code Identity} as a role.
     *
     * @return {@code true} when a matching {@code EdmUsers} row is found; {@code false}
     *     (after queuing the generic "Invalid username/password" faces message) when the
     *     lookup raises {@code NoResultException}
     */
    public boolean authenticate() {
        final Identity identity = Identity.instance();
        try {
            // Bound parameters keep the submitted values out of the query text.
            // getSingleResult() raises NoResultException when nothing matches; the row
            // itself is not used afterwards.
            EdmUsers matchedUser = (EdmUsers) entityManager
                    .createQuery("from EdmUsers where user_id = :userid and password = :password")
                    .setParameter("userid", identity.getUsername())
                    .setParameter("password", identity.getPassword())
                    .getSingleResult();

            List<EdmUserRoles> grants = (List<EdmUserRoles>) entityManager
                    .createQuery( "from EdmUserRoles where user_id = :userid ")
                    .setParameter("userid", identity.getUsername())
                    .getResultList();

            if (grants == null) {
                return true;
            }
            for (EdmUserRoles grant : grants) {
                // Debug trace of each grant; the password is never written out.
                System.out.println("User: " + identity.getUsername() + " Adding Role: " + grant.getRole());
                identity.addRole(grant.getRole());
            }
            return true;
        } catch (NoResultException noMatch) {
            // One message for both "unknown user" and "wrong password", so the response
            // does not reveal which of the two failed.
            FacesMessages.instance().add("Invalid username/password");
            return false;
        }
    }
}
My Logon.jsp
<%@ taglib uri="http://java.sun.com/jsf/html" prefix="h" %>
| <%@ taglib uri="http://java.sun.com/jsf/core" prefix="f" %>
| <%@ taglib uri="http://jboss.com/products/seam/taglib" prefix="s" %>
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
| <f:view>
| <f:loadBundle basename="messages" var="msg"/>
| <head>
| <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
| <title><h:outputText value="#{msg.Application} #{msg.LoginTitle}"/></title>
| <style type="text/css" media="all">
| @import "style/default/screen.css";
| </style>
| </head>
| <body>
|
| <h1><h:outputText value="#{msg.Application} #{msg.Authentication}"/></h1>
|
| <h:form>
|
| <!-- ADD THE MENU SWITCHER -->
| <%@ include file="/menu.jsp" %>
|
| <div class="rvgFind" >
| <fieldset class="rvgFieldSet" >
| <legend><h:outputText value="#{msg.Authentication} Form"/></legend>
|
| <span class="rvgInputs">
| <h:outputLabel value="#{msg.Username}" for="username">
| <h:inputText value="#{identity.username}" id="username"/> <!-- bound to the Seam identity component's username -->
| </h:outputLabel>
| <h:outputLabel value="#{msg.Password}" for="password">
| <h:inputSecret redisplay="false" value="#{identity.password}" id="password"/> <!-- redisplay="false": the submitted password is not written back into the rendered field -->
| </h:outputLabel>
| </span>
|
| <span class="rvgActions">
| <h:commandButton type="submit" value="#{msg.Login}" action="#{identity.login}" rendered="#{not identity.loggedIn}"/> <!-- shown only while nobody is logged in -->
| <h:commandButton type="submit" value="#{msg.Logout}" action="#{identity.logout}" rendered="#{identity.loggedIn}"/> <!-- shown only once identity.loggedIn is true -->
| </span>
|
| </fieldset>
| </div>
|
| </h:form>
|
|
| </body>
| </f:view>
| </html>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036102#4036102