[jboss-user] [JBoss Seam] - Securing components

rapowder do-not-reply at jboss.com
Mon Jul 2 12:19:28 EDT 2007


Hi, I am trying to add user management to my Seam application (v. 1.2.1GA) and I'm getting some problems when assigning specific method access to different roles. Precisely, when I call Identity.instance().hasRole("admin") I get false although I set the correct user role at login. Here is my Login class:


  | @Stateless
  | @Name("login")
  | public class LoginAction implements Login {
  | 
  |     @In @Out
  |     private User user;
  | 
  |     @In(create = true, value = "spotme2EM")
  |     private EntityManager em;
  | 
  | [...]
  | 
  |     public String login() {
  | 
  |         User userReference = find(user.getName(), user.getPassword());
  | 
  |         if(userReference != null) {
  |             
  |             Identity id = Identity.instance();
  |             id.setUsername(userReference.getName());
  |             id.setPassword(userReference.getPassword());
  |             id.addRole(userReference.getRole().name());
  |             try {
  |                 id.authenticate();
  |             } catch (LoginException e) {
  |                 e.printStackTrace();
  |             }
  |             
  |             sessionContext.set("loggedIn", true);
  |             
  |             return "home";
  |         }
  |         else {
  |             log.info("Invalid Login!");
  |             facesContext.addMessage(null, new FacesMessage("Invalid login"));
  |             return null;
  |         }
  |     }
  | }

In another bean, I do the check like this:

  |     public String deleteItem() {
  |         
  |         if (!Identity.instance().hasRole(CoreConstants.UserRole.ADMIN.name()))
  |             throw new AuthorizationException("Must be admin to perform this action!");
  | 
  |         [...]
  |     }
  | 

And of course the exception is always thrown... Any suggestions?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4059669#4059669
