IsUserInRole
Hi guys and gals,
I've been looking at this for two hours now and can't see
anything wrong with this code...but when i run it I get this output
- the dump from the query shows the f_role field is "agent". The
first cfoutput confirms this, the second cfoutput shows it's
assigning the login info correctly, as it shows the GetAuthUser is
Barney...but the IsUserInRole("agent") says NO...even though it
is???!
Does anyone have any idea please???!
Screen output
query - Top 1 of 1 Rows
F_PASSWORD F_ROLE F_USER RID
1 123456 agent Barney 3
agent Barney NO
//////////////////////////////////////////
Why is it that as soon as you hit the POST button you find
the answer!
The code is fine...it was the fieldtype in my database - it
was set as a nchar and so had trailing spaces...although they
weren't output on screen CF was obviously interpreting them and
therefore failing on the comparison. Doh!
Similar Messages
-
IsUserInRole from WC Portal to consumed JSF Portlet
Hi experts,
I'm trying to retrieve, the J2EE Roles [ Enterprise Roles a.k.a Security Realm "Groups" of a logged in user ]
from from consumer Webcenter Portal Application into a Producer JSF Portlet.I have seen there were many posts mentioning that this isUserInRole method always return false. I'm also facing the same problem.
My configurations are following -
Portlet Producer App
web.xml
<security-role>
<description>RelationManager</description>
<role-name>RM</role-name>
</security-role>
<security-role>
<description>Team Leader</description>
<role-name>TL</role-name>
</security-role>
portlet.xml
<security-role-ref>
<role-name>RM</role-name>
<role-link>RM</role-link>
</security-role-ref>
weblogic.xml /* Have tried with & without creating this descriptor, but no luck */
<security-role-assignment>
<role-name>RM</role-name>
<principal-name>RM</principal-name> /* I have defined a weblogic group by the name "RM" within defaultAuthenticator and assigned testUser to it. */
</security-role-assignment>
WC Consumer PortalApp
web.xml
<security-role>
<role-name>RM</role-name>
</security-role>
weblogic.xml
<security-role-assignment>
<role-name>RM</role-name>
<principal-name>RM</principal-name> /* Since its the same WLS Server the same group as above will hold good */
</security-role-assignment>
+ I have done the mapping of UserGroups of the Portlets to J2EE Roles of Webcenter Portal consumer during Portlet Registration process.
I have a requestScoped managedBean within my JSFPortlet where I'm retrieving the user Principal and Roles -
public String getLoggedInUser() {
FacesContext facesContext = FacesContext.
getCurrentInstance();
ExternalContext ectx = facesContext.getExternalContext();
PortletRequest portletRequest = (PortletRequest)ectx.getRequest();
return ( portletRequest.getUserPrincipal().getName());
public String getPortletUserRole(){
FacesContext facesContext = FacesContext. getCurrentInstance();
ExternalContext externalContext = facesContext.getExternalContext();
PortletRequest portletRequest = (PortletRequest)externalContext.getRequest();
if ( portletRequest.isUserInRole ("RM") == true ) return "RM" ;
else return "";
Results :
The getLoggedInUser returns ""
And so does the getPortletUserRole method.
What am I missing and whether this is the correct approach to get the userRoles from PortalApp to Portlet.
Env: JDEV 11.1.1.5 , Integrated WLS
Note: I haven't done any configuration related to WS-Security between Portal App and Portlet App,_ since both are deployed to the same integrated Server.
-RejuIf you haven't already you have to perform user category mapping between the portal roles to portlet roles.
This can be achieved using WLST scripts.
Thanks.
Micah C. -
IsUserinRole not working in web container
Hi,
I'm trying to get the authorization capability working in S1AS7 using the certificate realm, but am unable to successfully get a valid response from the request.isUserinRole() method.
I have the security role defined in web.xml; I also have a security-role-ref defined in the same file (although I've tested the method with and without using security-role-ref unsuccessfully).
I have a sun-web.xml file with the security-role-mapping where the role-name matches the role-name in web.xml and the principal-name is the subject DN in the certificate. Despite all this, the isUserinRole method never returns true.
I even retreived the certificate and its subject DN from the request - and I am able to do it successfully - but cannot get the role mapping to work fine. Can anyone suggest any pointers? I'm attaching parts of the web.xml and sun-web.xml files as datapoints.
Thanks.
<!-- The security configuration from web.xml-->
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
<description>Manager</description>
<role-name>MGR</role-name>
</security-role>
<!-- The role-mapping configuration from sun-web.xml-->
<sun-web-app>
<security-role-mapping>
<role-name>MGR</role-name> <principal-name>UID=100,CN=Manager,O=Company</principal-name>
</security-role-mapping>
</sun-web-app>
The same definitions of roles and mappings works fine in ejb.xml and sun-ejb.xml for the EJB authorizations.Hi Srini,
Here are the screenshots you requested. Do let me know if any more info is needed:
https://docs.google.com/file/d/0BzdimOKCEF76b2xGU0hZSndfVUU/edit?usp=sharing
https://docs.google.com/file/d/0BzdimOKCEF76WFFuTENvSExIMzg/edit?usp=sharing
Jimit -
Configuration error calling isUserInRole
In my application module I am populating a custom JhsUser bean with various bits of information including a description of the role the user is currently logged in with. To get the role I call getDBTransaction().getSession().isUserInRole("xxxxx") and set the description appropriately. However, by including the call to isUserInRole, the following server error is being thrown. The problem is the jar file the JAZN runtime is looking for "jhsadfrt-10.1.3.ja" when it should be "jhsadfrt-10.1.3.jar" !! Trouble is, I can't work out where this name is being derived from.
oracle.security.jazn.JAZNRuntimeException: Configuration file "/D:/jdevstudio10132/jdev/extensions/oracle.jheadstart.10.1.3/runtime/lib/jhsadfrt-10.1.3.ja/META-INF/orion-application.xml" does not exist.
Check your JAAS configuration settings.
at oracle.security.jazn.JAZNConfig.getJAZNProperties(JAZNConfig.java:830)
at oracle.security.jazn.JAZNConfig.<init>(JAZNConfig.java:255)
at oracle.jbo.server.security.jazn.JboJAZNContext.refresh(JboJAZNContext.java:166)
at oracle.jbo.server.security.jazn.JboJAZNContext.initialize(JboJAZNContext.java:96)
at oracle.jbo.server.SessionImpl.getJAASContext(SessionImpl.java:687)
at oracle.jbo.server.SessionImpl.getUserManager(SessionImpl.java:702)
at oracle.jbo.server.SessionImpl.isUserInRole(SessionImpl.java:617)
at Cheers,
BrentHi Sandra,
I'm using JDeveloper 10.1.3.2 (build 4066) and JHeadstart 10.1.3. as per your suggestion I used a fresh install of JDeveloper and JHeadstart but the same error message was given when trying to use isUserInRole().
I created a new JHeadstart application from scratch as well as was also given the same error. These are the steps I took so you can reproduce
1. Create new web application
2. Add single entity to model project
3. Modify configuration of application module and set jbo.security.enforce=Must
3. Add user/role information to the current workspace jazn.xml through Embedded OC4J Server Preferences
4. Edit properties of web.xml - add security roles, constraint and set login configuration to Basic
5. Override the prepareSession() method of the AppModule
protected void prepareSession(Session session) {
super.prepareSession(session);
if (getDBTransaction().getSession().isUserInRole("investigator")) {
System.out.println("User role is investigator");
6. Run the application, login and the server error is produced.
I created an identical ADF app without the use of JHeadstart and it works fine. The problem is definitely in the construction of the orion-application.xml filename. The "r" is missing off the "jhsadfrt-10.1.3.jar" component of the filename !
msg=Configuration file "/E:/jdevstudio10132/jdev/extensions/oracle.jheadstart.10.1.3/runtime/lib/jhsadfrt-10.1.3.ja/META-INF/orion-application.xml" does not exist. Check your JAAS configuration settingsThis filename must be coming from a JHeadstart library/class somewhere - any idea where ? -
ServletAuthentication logs in user but fails isUserInRole
Problems with ServletAuthentication, where I call
.weak(username,password,httpservletrequest) and the user is authenticated
but fails isUserInRole security checks.
User PASSES declarative security checks on EJB methods.... what gives?
WLS7 sp1.... standard embedded LDAP realm.
MarkusTo add to the fun.... pulled Subject from weblogic.security.Security and
iterated through the principals. My groups are there!
For kicks I tried a
ServletAuthentication.runAs(Security.getCurrentSubject(), request);
That didn't work.
What is going on?
"Markus Blumrich" <[email protected]> wrote in message
news:[email protected]..
Problems with ServletAuthentication, where I call
.weak(username,password,httpservletrequest) and the user is authenticated
but fails isUserInRole security checks.
User PASSES declarative security checks on EJB methods.... what gives?
WLS7 sp1.... standard embedded LDAP realm.
Markus -
Hi everyone,
I am using Pet Store application to test a security
issue by using request.isUserInRole() method in a
jsp file. But when I try to open the jsp page, it
always give me the false value with this method.
Does anyone work successfully with isUserInRole()
in a jsp page? or have any ideas about this what
is the problem?
Thanks in advance.
John Wang
Here are related codes,
1) a part of code in the jsp file,
<%
if (request.isUserInRole("gold_customer")) {
%>
Store Main Page/a>
<p>
Here is your Bonus
<p>
<%
} else {
%>
<p>
Store Main Page
<p>
<% } %>
2) a part of code in the web.xml
<security-role>
<description>the gold customer role</description>
<role-name>gold_customer</role-name>
</security-role>
3) a part of code in the weblogic.xml
<security-role-assignment>
<role-name>
gold_customer
</role-name>
<principal-name>
gold
</principal-name>
</security-role-assignment>Wow, this is absolutely incredible... you try to parse an empty String to an int and it throws an exception... I'd never have thought.
-
Bug in WL5.1 - isUserInRole( "role-name" or "role-link")
Hi
The isUserInRole corresponds only to role-link. This is the name thats given in
the security-role. Look at the servllet spec or the ejb documentation. IT explains
this clearly.
HTH
Raj
>
>
>Sriram Narayan wrote:
>
>> Hi
>> The isUserInRole method in Weblogic seems to be responding to the role-link
>instead of the role-name.
>> specifics ...
>> for the web.xml below,
>>
>> isUserInRole("ViewAllFields") is correct usage.
>> isUserInRole("boss") is wrong usage.
>> Right?
>> -----------------------------------
>> ..
>> <servlet>
>> ..
>> <security-role-ref>
>> <role-name>ViewALLFields</role-name>
>> <role-link>boss</role-link>
>> </security-role-ref>
>> ..
>> </servlet>
>> ..
>> <security-role>
>> <role-name>boss</role-name>
>> </security-role>
>> <security-role>
>> <role-name>subordinate</role-name>
>> </security-role>
>> ..
>> ------------------------------------
>>
>> Am i right?
>> But the weblogic implementation only seems to be responding to the
>wrong usage!!
>> Please help me out.
>> thanks
>> sriram
>
-
ServletAuthentication.weak() makes isUserInRole() always return false
I have a problem with SSO and authentification. If I authenticate with the weak()
method(have tried alle of them) authentication works fine and it seem to be single
signed-on, but
if we call the isUserInRole() method it always return false.
If I try to "call" pages from the client the declerativ security-constraints also
works fine preventing the user from accessing the pages. It is only when we use
the forward() method that we also use isUserInRole() to check if the user is permitted
to be forwarded(). WLS 6.1 sp2 tells us that the user is never in Role, no matter
what, if we use the weak() method to authenticate.
If I switch to using a j_sec_check form to authenticate the isUserInRole() works
fine. I can't use j_sec_check as a permanent solution though, because I need to
do a lot of pre- and post- processing in the login/authenication process.
Have any of you figured out a solution to this problem? Shouldn't isUserInRole()
work the same way regardless of if you logged in using SA.weak() or a j_security_check
form?Hi ,
If I switch to using a j_sec_check form to authenticate the isUserInRole()works
fine. I can't use j_sec_check as a permanent solution though, because Ineed to
do a lot of pre- and post- processing in the login/authenication process.You can use the j_security_check and still do the pre and post processing as
you want.
You have to following code,
package examples.servlets;
import java.io.PrintStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import weblogic.servlet.security.AuthFilter;
public class AuthFilterImpl extends AuthFilter
public AuthFilterImpl()
System.out.println("New AuthFilterImpl has been created.");
public void doPreAuth(ServletRequest servletrequest, ServletResponse
servletresponse)
System.out.println("AuthFilterImpl.doPreAuth has been called.");
System.out.println("Password is " +
servletrequest.getParameter("j_password"));
public boolean doSuccessAuth(ServletRequest servletrequest,
ServletResponse servletresponse)
System.out.println("AuthFilterImpl.doSuccessAuth has been called.");
return true;
public void doFailAuth(ServletRequest servletrequest, ServletResponse
servletresponse)
System.out.println("AuthFilterImpl.doFailAuth has been called.");
In your weblogic.xml have this entry,
<weblogic-web-app>
<auth-filter>
examples.servlets.AuthFilterImpl
</auth-filter>
</weblogic-web-app>
I am not sure about problem with SA.weak().
-utpal
"Morten" <[email protected]> wrote in message
news:[email protected]...
>
I have a problem with SSO and authentification. If I authenticate with theweak()
method(have tried alle of them) authentication works fine and it seem tobe single
signed-on, but
if we call the isUserInRole() method it always return false.
If I try to "call" pages from the client the declerativsecurity-constraints also
works fine preventing the user from accessing the pages. It is only whenwe use
the forward() method that we also use isUserInRole() to check if the useris permitted
to be forwarded(). WLS 6.1 sp2 tells us that the user is never in Role, nomatter
what, if we use the weak() method to authenticate.
If I switch to using a j_sec_check form to authenticate the isUserInRole()works
fine. I can't use j_sec_check as a permanent solution though, because Ineed to
do a lot of pre- and post- processing in the login/authenication process.
Have any of you figured out a solution to this problem? Shouldn'tisUserInRole()
work the same way regardless of if you logged in using SA.weak() or aj_security_check
form? -
Custom Authorization Logic Using request.isUserInRole(role) in Weblogic 11g
Dear All,
I am using BlazeDS and its security feature LoginCommand to implement a secured endpoint in Weblogic 11g. Since BlazsDS's default implementation uses HTTP session but we do not want to use it, we would like to implement our own version of authentication and authorization. However we faced a problem on authorization part.
For authentication, we use weblogic.security.services.Authentication.login(username, password), which returns correctly. For authorization, we try to use HttpServletRequest.isUserInRole(role) to determine whether a user belongs to a target role, but it returns false.
When we trying to fix the problem, we add weblogic.servlet.security.ServletAuthentication.login(username, password, request, response) before weblogic.security.services.Authentication.login(username, password), which will add information on HTTP session. It makes the later authorization using HttpServletRequest.isUserInRole(role) return true.
We want to know:
1. How can we check if an account belongs to a target role without using HTTP session in web application?
2. After we call Authentication.login(username, password), anything we need to do to log out for releasing any resource used?
3. If request.isUserInRole(role) is the only possible way to check if an account belongs to a target role, how to check the reason why it returns false?
And here is how we set up user, group and role:
User (in WebLogic Admin Console) – demo_user with demo_grp
Group (in WebLogic Admin Console) – demo_grp with patent demo_grp1
Role (in weblogic-application.xml) – demo_role maps to demo_grp1
We set nothing in web.xml as we want to use the security feature provide by BlazeDS to secure an endpoint at method level.
Remarks:
For Authorization in BlazeDS, what we have is the authenticated user's principal, and the required role of the calling method:
public boolean doAuthorization(Principal principal, List roles);
Thanks In Advance,
AlexYou gotta specify your child table recon-field in the process definition mappings as a Key Field. Refer OOTB AD connector and check:
Process Definition -> AD User ->Reconciliation Field Mappings -> memberOf -
Scalability of the security realm / isUserInRole?
When callling isUserInRole(), it seems that WLS6.1sp3 wants to load all
the users in the role into memory and eventually call getUser() on each of
them. Could someone verify or debunk that this is indeed what's happening?
We have roles with thousands of users in them so the above gets very
expensive to do (even with group/user caching timeout extended.)
Are there any workarounds to improve isUserInRole performance?
thanks,
-AdeWe wanted some thread dumps at intervals, but didn't want to have to do it manually so I created a Windows Scripting Host script to perform the Ctrl-Breaks.
You may be able to do the same and execute it from a telnet command prompt (this of course assumes that you have telnet set up and also the Windows Scripting host installed). -
Request.isUserInRole caused null pointer exception when logged in
Hi,
I have a jsp page in which I am trying to workout if a user is in a
particular role,
so I can prevent certain things from happening.
The problem I am having is when I haven't logged onto the application the
isUserInRole
is working fine. As soon as I authenticate, the next time the function is
called is causes
a null pointer exception.
I am using an ldaprealm for security and a weblogic URL policy file to
associate roles
with directories.
The following is the stack dump that gets displayed
java.lang.NullPointerException
at
weblogic.servlet.internal.ServletContextImpl.isUserInRole(ServletContextImpl
.java:1844)
at
weblogic.servlet.internal.ServletRequestImpl.isUserInRole(ServletRequestImpl
.java:668)
at
jsp_servlet._nzpilapp._publicview._nzpilapphomeview._jspService(_nzpilapphom
eview.java:84)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:123)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:761)
at
weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImp
l.java:708)
at
weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContext
Manager.java:252)
at
weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:346)
at
weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:246)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:135)
Any Ideas on what is causing this??thanks Timo for your replay
I use Jdeveloper version (11.1.2.3)
First Question :- i have a view object of ( Countries ) in Hr Schema and include the name of the region ( RegionName ) Attribute From the ( Regions) View Object
to be appeared in the Countries View Object using groovy expression and accessors View link
when i insert a new record in the Coutries View Object it gives me an error
*(oracle.jbo.JboException) JBO-29000: Unexpected exception caught: java.lang.NullPointerException, msg=null* -
Need to check isUserInRole in Web Services
I defined a new role in web.xml:
<security-role>
<role-name>superusers</role-name>
</security-role>
and added mapping between role and principal in weblogic.xml:
<security-role-assignment>
<role-name>superusers</role-name>
<principal-name>superusers</principal-name>
</security-role-assignment>
Here is my code:
wsContext.isUserInRole("superusers");
If the service is secured with basic authentication it returns true, if I secure it with web services policy I got false with the same user sending request.
Is there any solution to this problem?
Edited by: user736757 on Apr 12, 2012 1:00 PMplease check forum
Re: Reading Security Header in JAX-WS web service
Hope that is helpful
Regards,
Sunil Polineni -
Newbie looking forward for help in isUserInRole
I want to configure the tomcat role with my users record, but I don't know when/how the tomcat can set the clientside with roles, so that the next request can have the workds in the head that I can call isUserInRole for identication. In other words, once if I want to configure the tomcat identicate the role/user from ldap other than current xml setting, how can I set the user "with roles" he just been identicated , for example, by one form identication?
thanks for any tips,
Fredeirck van targerogo into tomcat-users.xml lying in you tomcat\conf folder
an type under <tomcat-users>
<tomcat-users>
<role rolename="manager" />
<role rolename="admin" />
<user username="admin" password="admin" roles="admin.manager" />
</tomcat-users>you can remove preexisting roles an usernames if you want or just leave them there
now shutdown tomcat manually and startup again to setup new variables
access your tomcat startpage
usually localhost:8080/
if on own machine
an now you will be able to access both manager and admin pages... -
IsUserInRole() - return boolean from custom tag?
Hello
Im writing some custom tags extending TagSupport. At the moment my tags just create some collection and put it in the page scope for the jsp to access. (see example below)
I have a tag however that I would like to return a boolean for. This is specifically for checking isUserInRole();
I cant quite get my head around the idea of manipulating the page body or not and how this impacts writing the custom tags. If I want to return some value directly from my tag ie. a boolean value from isUserInRole(); is this manipulating the page body?
Is TagSupport the correct class to extend if I want to return a boolean value from my tag call.
Id appreciate any advice.
Thanks
Jon
public class refSuppliersTag extends TagSupport {
public int doStartTag() throws JspException {
try {
HashMap supplierMap = new HashMap();
supplierMap = (HashMap) referenceData.getSuppliers();
pageContext.setAttribute("suppliers", supplierMap);
} catch (Exception e) {
throw new JspException(e.toString());
return EVAL_PAGE;
------------------------------------------this is one way of designing your tag:
In JSTL
<my:login var="isAdminRole" role="admin"/>
<!-- test for it -->
<c:if test="${isAdminRole}">
yeah, you are admin user!
</c:if>
In Java
boolean isLoggedin = login();
session.setAttribute(var,isLoggedin);
// where "var" is a String tag attribute!
//...put the "boolean" result in "var", which is a session's parameter, request's parameter or whatever!
by Avatar Ng
[blog http://avatar21.superihost.com/ ]
Message was edited by:
Avatar_Ng -
UIX replacment for isUserInRole tag from the âRequest Tag Library,â
Is there a UIX replacement for the isUserInRole which is provided by the âRequest Tag Libraryâ?
This tag checks if the user has the correct security roles.
thanks
MarcelIs there a UIX replacement for the isUserInRole which is provided by the âRequest Tag Libraryâ?
This tag checks if the user has the correct security roles.
thanks
Marcel
Maybe you are looking for
-
consignment stock process
-
Unable to create the sales doc with ref to quotation
Hi, I am unable to create a sales order with ref to quotation, messege is "Create sales document" not allowed (User Status MKT, object VB0006000017000000)". how please advice me chandu
-
Goods issue against reservation from multiple batchs,
Dear Friends, My material is active for batch management at material level, When I do Goods receipt sytem generates unique batch no for the quantity of goods receipt, Goods is issuied against reservation, if reservation quantity is more th
-
Trying to install in redhat v7.3
I am new t othe redhat OS and need help to install sun java.... j2re-1_3_1_05-linux-i586-rpm.bin please help a newbee if you can
-
Is their a comment forum within support or elsewhere?
Having problems with billing and locating previous purchase orders using browser. Live billing would be much appreciated in the future.