Forum Stats

  • 3,837,108 Users
  • 2,262,226 Discussions
  • 7,900,204 Comments

Discussions

isUserInRole always false

ILya Cyclone
ILya Cyclone Member Posts: 888 Bronze Badge

Hello.

According to this document

Using Programmatic Security with Web Applications - The Java EE 6 Tutorial

I'm doing a simple programatic login servlet on WebLogic 12.1.3.

HttpServletRequest.login method works, but when I try to check user roles using HttpServletRequest.isUserInRole I always get false.

Servlet class:

public class Servlet1 extends HttpServlet {     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {          request.login(LOGIN, PASSWORD);          System.out.println("In role AUTHENTICATED_USERS: "+request.isUserInRole("AUTHENTICATED_USERS"));          System.out.println("In role personal_office: "+request.isUserInRole("personal_office"));          System.out.println("In role personal_office_app: "+request.isUserInRole("personal_office_app"));     }}

All isUserInRole return false.

web.xml:

<?xml version = '1.0' encoding = 'UTF-8'?><web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"         version="3.0">  <servlet>    <servlet-name>Servlet1</servlet-name>    <servlet-class>testproglog.Servlet1</servlet-class>    <security-role-ref>      <role-name>personal_office_app</role-name>      <role-link>personal_office</role-link>    </security-role-ref>  </servlet>  <servlet-mapping>    <servlet-name>Servlet1</servlet-name>    <url-pattern>servlet1</url-pattern>  </servlet-mapping>    <security-role>    <role-name>personal_office</role-name>  </security-role></web-app>

To verify that I'm not mistyping role name or something I found a method that lets me list user roles on weblogic:

Arrays.asList(SubjectUtils.getPrincipalNames(Security.getCurrentSubject()).split("/"))

And it shows me that I do have AUTHENTICATED_USERS and personal_office roles after login.

Why HttpServletRequest.isUserInRole is always false?

Also I tried the same code on tomcat and it isUserInRole works correctly there. What's wrong on WebLogic?

JDeveloper / WebLogic 12.1.3

java version "1.7.0_51"

Java(TM) SE Runtime Environment (build 1.7.0_51-b13)

Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

Thanks

This discussion has been closed.