gcc
Reputation: 15
javaee IsUserInRole always return false jsf
I've found this problem in a lot of posts but i can't find a solution. I've an authentication based on realm and with two roles mapped USERS and ADMINS. The log-in works normally but if i try to use
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext externalContext = context.getExternalContext();
if(externalContext.getRemoteUser() != null && externalContext.isUserInRole("USERS")){
return true;
}
isUserInRole always returns false even if i am logged-in. How can i fix this problem?
this is the web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>TravelDreamWeb</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
<url-pattern>*.jsf</url-pattern>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>authJdbcRealm</realm-name>
<form-login-config>
<form-login-page>/index.xhtml</form-login-page>
<form-error-page>/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admins Pages</web-resource-name>
<description />
<url-pattern>/admins/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINS</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Users Pages</web-resource-name>
<description />
<url-pattern>/users/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USERS</role-name>
</auth-constraint>
</security-constraint>
</web-app>
and this is the glassfish-application.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-application PUBLIC "-//GlassFish.org//DTD
GlassFish Application Server 3.1 Java EE Application 6.0//EN"
"http://glassfish.org/dtds/glassfish-application_6_0-1.dtd">
<glassfish-application>
<security-role-mapping>
<role-name>USERS</role-name>
<group-name>USERS</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>ADMINS</role-name>
<group-name>ADMINS</group-name>
</security-role-mapping>
<realm>authJdbcRealm</realm>
</glassfish-application>
Upvotes: 1
Views: 3373
Answers (1)
xavi
Reputation: 76
Add the following to your web.xml file:
<security-role>
<role-name>USERS</role-name>
</security-role>
<security-role>
<role-name>ADMINS</role-name>
</security-role>
As described in the following documentation: http://docs.oracle.com/javaee/6/tutorial/doc/gkbaa.html#bncav
Upvotes: 5
Related Questions
- How to authorize users on JSP and REST services using request.isUserInRole() in Struts 2?
- Performing user authentication in Java EE / JSF using j_security_check
- Tomcat user has principal role but request.isUserInRole() says otherwise
- How to get number of connected users and their role using j_security_check?
- Servlet - isUserInRole()
- Programmatically assigning security role to user on login in JSF website
- How to properly use isUserInRole(role)
- isUserInRole sometimes returns false
- How to check if is user logged in?
- jsf check user logged in