Re: problem with securityContext.isUserInRole() with new SecurityAPI

2009-04-03 Thread Alexander J. Perez Tchernov
Fine! I spent some time debugging and resolved the problem.
I hope my remarks may help someone avoid making the same mistake.

In my application I just create roles in the following manner

public Restlet createRoot() {
    // create roles
    this.getRoles().add(new Role(ADMIN_ROLE, "Admin Role"));

    // after that I create the JaxRsApplication
    JaxRsApplication jaxRsApplication = new JaxRsApplication(getContext());
    jaxRsApplication.add(new JaxRsConfiguration());

    // guard it and attach it to the router
    // (guard and router are set up as in the original message below)
    guard.setNext(jaxRsApplication);
    router.attach("/xxx", guard);
    return router;
}

My mistake was in the assumption that jaxRsApplication may inherit
roles from the 'parent' application.
Of course, it doesn't inherit these roles. So Application.getCurrent()
actually doesn't return the role, while ClientInfo has a valid Principal and
Role.

public boolean isUserInRole(String roleName) {
    // ...
    Role role = Application.getCurrent().findRole(roleName);
    // role == null if we don't set up roles for the application explicitly
    return role != null && this.request.getClientInfo().isInRole(role);
}


To fix this I just added the following before guarding the application and
attaching it to the router.
// add roles from the parent application to the child one
jaxRsApplication.getRoles().addAll(this.getRoles());

That's all.


On Thu, Apr 2, 2009 at 11:26 PM, Xasima Xirohata wrote:
> Hi, I just created a new organization, a user (login admin, pass admin)
> and a group using the new security API (1.2 M2). Bound the user + group to
> the organization. Bound the group to the role "ADMIN_ROLE". Set up an
> authorizer against this role + an HTTP_BASIC Guard against the appropriate
> resource (/admin/*) with this role authorizer.
>
> When pointing to the resource (/admin/subresource), I just pass the admin /
> admin credentials (so the Guard and authorizer work) and get access to
> the page (generated by the resource), but the check
> securityContext.isUserInRole() in my JAX-RS resource fails against the
> ROLE that has just been checked. UserPrincipal is still valid
> (it shows admin).
>
> Sorry, am I right with the code, or am I just missing something?
>
>
> public class Application extends org.restlet.Application {
>     public Application() { this(null); }
>     public Application(Context context) { super(context); }
>
>     public static final String ADMIN_ROLE = "ADMIN_ROLE";
>
>     @Override
>     public Restlet createRoot() {
>         Router router = new Router(getContext());
>
>         // create roles
>         this.getRoles().add(new Role(ADMIN_ROLE, "Admin Role"));
>
>         // create realm (i.e. create users and groups, bind users to groups,
>         // bind groups to roles); createOrganization() is a static helper
>         // that creates the org, groups and user and binds them to the role group
>         MemoryRealm realm = new MemoryRealm();
>         Organization org = createOrganization(realm, this);
>         realm.getOrganizations().add(org);
>         getContext().setRealm(realm);
>
>         // create specific (ADMIN_ONLY) role policy
>         RoleAuthorizer roleAuthorizer = new RoleAuthorizer();
>         roleAuthorizer.getAuthorizedRoles().add(this.findRole(ADMIN_ROLE));
>
>         // create authentication guard
>         ChallengeGuard guard = new ChallengeGuard(getContext(),
>                 ChallengeScheme.HTTP_BASIC, "Guard");
>
>         // create application; JaxRsConfiguration extends
>         // javax.ws.rs.core.Application and picks up AdminResource in getClasses()
>         JaxRsApplication jaxRsApplication = new JaxRsApplication(getContext());
>         jaxRsApplication.add(new JaxRsConfiguration());
>
>         // set role authorizer on guard
>         guard.setAuthorizer(roleAuthorizer);
>         // bind application to guard
>         guard.setNext(jaxRsApplication);
>         // attach guard to router
>         router.attach("/admin", guard);
>
>         return router;
>     }
> }
> -
> @Path("/{subresource}")
> public class AdminResource {
>     @Context
>     SecurityContext securityContext;
>
>     @GET
>     public Response station(@PathParam("subresource") String subresource) {
>         return Response.ok("Subresource '" + subresource
>                 + "', Principal '" + securityContext.getUserPrincipal().getName()
>                 + "', InRole '" + securityContext.isUserInRole(Application.ADMIN_ROLE) + "'",
>                 MediaType.TEXT_HTML).build();
>     }
> }
>
> web.xml
>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns="http://java.sun.com/xml/ns/javaee"

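The fix in the reply above (copying the parent's roles into the JaxRsApplication) and the setup in the original question below both hinge on the same detail: the SecurityContext inside the child resolves the role name with Application.findRole() on the child, so a role the child does not know makes isUserInRole() answer false for everyone the guard let through. As an added example, not code from the thread or from the Restlet project, the helper below makes that copy explicit and adds the startup check a practitioner would want: after wiring, verify that every Role the guard's RoleAuthorizer accepts can be resolved from the child, and fail fast otherwise. It relies only on calls that appear in the thread (Application.getRoles(), Application.findRole(), RoleAuthorizer.getAuthorizedRoles()); the class name RoleWiring and its method names are mine, Role.getName() is assumed to return the name passed to the Role constructor, and the imports assume the Restlet 1.2 M2 package layout used in the thread.

```java
import java.util.ArrayList;
import java.util.List;

import org.restlet.Application;
import org.restlet.security.Role;
import org.restlet.security.RoleAuthorizer;

/*
 * Added example, not code from the thread or from Restlet itself.
 * Class and method names are my own; Role.getName() is assumed to return
 * the name given to the Role constructor, and the package names follow the
 * Restlet 1.2 M2 layout used in the thread.
 */
public final class RoleWiring {

    private RoleWiring() {
    }

    /**
     * Copy the parent's Role instances into the child, skipping names the
     * child already knows. The same instances are reused on purpose: the
     * SecurityContext shown in the thread resolves the name with
     * child.findRole() and then calls ClientInfo.isInRole(role), so the Role
     * the child hands back should be the one the realm placed in ClientInfo,
     * not a freshly constructed copy with the same name.
     */
    public static void inheritRoles(Application parent, Application child) {
        for (Role role : parent.getRoles()) {
            if (child.findRole(role.getName()) == null) {
                child.getRoles().add(role);
            }
        }
    }

    /**
     * Names of roles the authorizer accepts that the child cannot resolve.
     * For each of these, isUserInRole() inside the child answers false for
     * every caller, including the ones the guard just admitted.
     */
    public static List<String> missingRoles(RoleAuthorizer authorizer,
            Application child) {
        List<String> missing = new ArrayList<String>();
        for (Role role : authorizer.getAuthorizedRoles()) {
            if (child.findRole(role.getName()) == null) {
                missing.add(role.getName());
            }
        }
        return missing;
    }

    /**
     * Fail at createRoot() time instead of silently denying every role
     * check at request time.
     */
    public static void requireRolesVisible(RoleAuthorizer authorizer,
            Application child) {
        List<String> missing = missingRoles(authorizer, child);
        if (!missing.isEmpty()) {
            throw new IllegalStateException(
                    "Roles accepted by the guard but unknown to the child application: "
                            + missing);
        }
    }

    /*
     * Usage inside the parent's createRoot(), after roleAuthorizer and
     * jaxRsApplication exist and before guard.setNext(jaxRsApplication):
     *
     *     RoleWiring.inheritRoles(this, jaxRsApplication);
     *     RoleWiring.requireRolesVisible(roleAuthorizer, jaxRsApplication);
     */
}
```

Two caveats. First, the failure mode here is fail-closed (the guard still enforces the role; only the in-resource check misreports), so the check guards against confusing lockouts rather than against a bypass. Second, the check only covers roles the guard authorizes: a role name that a resource asks isUserInRole() about but that no RoleAuthorizer lists is not caught, so keep the role constants the resources check in one place and register each of them on the application that hosts those resources.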
problem with securityContext.isUserInRole() with new SecurityAPI

2009-04-02 Thread Alexander J. Perez Tchernov
Hi, I just created a new organization, a user (login admin, pass admin)
and a group using the new security API (1.2 M2). Bound the user + group to
the organization. Bound the group to the role "ADMIN_ROLE". Set up an
authorizer against this role + an HTTP_BASIC Guard against the appropriate
resource (/admin/*) with this role authorizer.

When pointing to the resource (/admin/subresource), I just pass the admin /
admin credentials (so the Guard and authorizer work) and get access to
the page (generated by the resource), but the check
securityContext.isUserInRole() in my JAX-RS resource fails against the
ROLE that has just been checked. UserPrincipal is still valid
(it shows admin).

Sorry, am I right with the code, or am I just missing something?


// imports assume the Restlet 1.2 M2 package layout used in this thread;
// adjust them if your version differs
import org.restlet.Context;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
import org.restlet.ext.jaxrs.JaxRsApplication;
import org.restlet.routing.Router;
import org.restlet.security.ChallengeGuard;
import org.restlet.security.MemoryRealm;
import org.restlet.security.Organization;
import org.restlet.security.Role;
import org.restlet.security.RoleAuthorizer;

public class Application extends org.restlet.Application {
    public Application() { this(null); }
    public Application(Context context) { super(context); }

    public static final String ADMIN_ROLE = "ADMIN_ROLE";

    @Override
    public Restlet createRoot() {
        Router router = new Router(getContext());

        // create roles
        this.getRoles().add(new Role(ADMIN_ROLE, "Admin Role"));

        // create realm (i.e. create users and groups, bind users to groups,
        // bind groups to roles); createOrganization() is a static helper
        // that creates the org, groups and user and binds them to the role group
        MemoryRealm realm = new MemoryRealm();
        Organization org = createOrganization(realm, this);
        realm.getOrganizations().add(org);
        getContext().setRealm(realm);

        // create specific (ADMIN_ONLY) role policy
        RoleAuthorizer roleAuthorizer = new RoleAuthorizer();
        roleAuthorizer.getAuthorizedRoles().add(this.findRole(ADMIN_ROLE));

        // create authentication guard
        ChallengeGuard guard = new ChallengeGuard(getContext(),
                ChallengeScheme.HTTP_BASIC, "Guard");

        // create application; JaxRsConfiguration extends
        // javax.ws.rs.core.Application and picks up AdminResource in getClasses()
        JaxRsApplication jaxRsApplication = new JaxRsApplication(getContext());
        jaxRsApplication.add(new JaxRsConfiguration());

        // set role authorizer on guard
        guard.setAuthorizer(roleAuthorizer);
        // bind application to guard
        guard.setNext(jaxRsApplication);
        // attach guard to router
        router.attach("/admin", guard);

        return router;
    }
}
-
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Path("/{subresource}")
public class AdminResource {
    @Context
    SecurityContext securityContext;

    @GET
    public Response station(@PathParam("subresource") String subresource) {
        // reports the principal the guard authenticated and whether the
        // JAX-RS SecurityContext sees it in ADMIN_ROLE
        return Response.ok("Subresource '" + subresource
                + "', Principal '" + securityContext.getUserPrincipal().getName()
                + "', InRole '" + securityContext.isUserInRole(Application.ADMIN_ROLE) + "'",
                MediaType.TEXT_HTML).build();
    }
}

web.xml

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">

  <servlet>
    <servlet-name>RestletServletAdaptor</servlet-name>
    <servlet-class>org.restlet.ext.servlet.ServerServlet</servlet-class>
    <init-param>
      <param-name>org.restlet.application</param-name>
      <param-value>com.example.services.Application</param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>RestletServletAdaptor</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>
</web-app>

-- 
Best regards,
 ~ Xasima Xirohata ~

--
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=1523928