Hey,
I basically have a bunch of roles which should each be mapped to
different combinations of a user's "GroupPrincipals". Something like
this:
    <sec:role role-name="Lamp Room">
        <sec:principal
            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
            name="Lamp Room"/>
    </sec:role>
    <sec:role role-name="VDS User">
        <sec:principal
            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
            name="Lamp Room"/>
    </sec:role>
    <sec:role role-name="Personnel User">
        <sec:principal
            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
            name="Lamp Room"/>
    </sec:role>
This means that all of the named roles are assigned to a user in the group "Lamp Room".
But when doing the following I don't see these "virtual roles", only the
actual group:
    Subject subject = ContextManager.getCurrentCaller();
    Set<Principal> principals = subject.getPrincipals();
I can see how this would be the case, though the following must
definitely work: isCallerInRole("Personnel Admin") or EVEN
isCallerInRole("Lamp Room"). They all return false.
If I have a method annotated with @RolesAllowed({"Personnel User"}),
then GeronimoSecurityService.isCallerAuthorized(Method method,
InterfaceType typee) returns TRUE.
However, GeronimoSecurityService.isCallerInRole(String role) returns
FALSE when I query isCallerInRole("Personnel User").
I assume somewhere the AccessControlContext isn't populated correctly?
I'm not really sure how this should work, so if someone can tell me
how this all fits together I can have a look.
Quintin Beukes
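Added example (not from the post above and not Geronimo's own code): a small Python model of the role-to-principal mapping the post describes, showing why the mapped role names never show up in subject.getPrincipals() while a role check derived from the mapping still succeeds. The sec: namespace URI, the helper names and the "any listed principal grants the role" rule are assumptions.

```python
# Constructed model of Geronimo-style role-to-principal mapping; not Geronimo code.
import xml.etree.ElementTree as ET

GROUP_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
SEC_NS = "urn:example:sec"  # placeholder namespace URI, not Geronimo's real schema

# Constructed sample mapping with the same shape as the one in the post.
ROLE_MAPPING_XML = f"""
<security xmlns:sec="{SEC_NS}">
  <sec:role role-name="Lamp Room">
    <sec:principal class="{GROUP_CLASS}" name="Lamp Room"/>
  </sec:role>
  <sec:role role-name="VDS User">
    <sec:principal class="{GROUP_CLASS}" name="Lamp Room"/>
  </sec:role>
  <sec:role role-name="Personnel User">
    <sec:principal class="{GROUP_CLASS}" name="Lamp Room"/>
  </sec:role>
</security>
"""


def parse_role_mapping(xml_text):
    """Return {role-name: {(principal-class, principal-name), ...}}."""
    root = ET.fromstring(xml_text)
    mapping = {}
    for role in root.iter(f"{{{SEC_NS}}}role"):
        mapping[role.get("role-name")] = {
            (p.get("class"), p.get("name"))
            for p in role.iter(f"{{{SEC_NS}}}principal")
        }
    return mapping


def is_caller_in_role(principals, role, mapping):
    """True if the subject holds any principal mapped to the role (assumed rule).
    Roles never appear in the principal set; they are derived from the mapping."""
    return bool(mapping.get(role, set()) & principals)


def roles_for(principals, mapping):
    """All roles the subject's principals map to."""
    return {r for r in mapping if is_caller_in_role(principals, r, mapping)}


def is_caller_authorized(principals, roles_allowed, mapping):
    """Mirror of a @RolesAllowed check: holding any one allowed role suffices."""
    return any(is_caller_in_role(principals, r, mapping) for r in roles_allowed)


# Constructed subject: only the real group principal, as subject.getPrincipals() showed.
SUBJECT_PRINCIPALS = {(GROUP_CLASS, "Lamp Room")}
```

A role name absent from the mapping (such as "Personnel Admin" in the post) is never granted, whatever groups the subject holds.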