I finally succededed in getting true from the isUserInRole() call, protecting more resources in the web.xml file. I have to check the whole application to see if the unauthenticated section still works (some of the resources i have put in the protected area are used by both parts). I'll keep you informed of the results.
Fabrice blb wrote: > > I did a few more tests. > The isUserInRole() returns true only for protected servlets. > I didn't succeded yet in declarings the jsps as protected resources. > > Fabrice > > blb wrote: >> >> David, >> >> Thanks for your reply. >> >> 1) Yes, the authentication works well. >> >> 2) isUserInRole() always returns false. It is called from a jsp which is >> not declared in the webapp protected resources (this configuration worked >> well in Tomcat). I'll try to declare the jsps in the protected resources >> to check if the problem is solved. >> >> 3) The webapp is made of jsps and servlets. The isUserInRole() call >> returns true in a protected servlet. >> >> Fabrice >> >> >> >> djencks wrote: >>> >>> I'd like to clarify a couple of points... >>> >>> - IIUC, you have to authenticate to access a secured page, this part >>> of security is working fine? >>> >>> - From a secured page, you cannot use isUserInRole()? >>> >>> - are all your pages jsps? Do they have servlet mappings? Does this >>> occur with a secured servlet? >>> >>> thanks >>> david jencks >>> >>> On Dec 17, 2009, at 7:10 AM, blb wrote: >>> >>>> >>>> Hi all, >>>> >>>> I am migrating from Tomcat to Geronimo and need some help to finish to >>>> configure security for a webapp. >>>> I can authenticate a user within Geronimo but I'm not able to get >>>> the user >>>> role. >>>> The request.isUserInRole() call always returns false. >>>> >>>> You can find below an extract of the configuration files concerned by >>>> security: >>>> http://old.nabble.com/file/p26829415/extract_geronimo-web.xml >>>> extract_geronimo-web.xml >>>> http://old.nabble.com/file/p26829415/extract_web.xml extract_web.xml >>>> >>>> Can you please tell me what's wrong (or missing) with the webapp >>>> configuration ? >>>> -- >>>> View this message in context: >>>> http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26829415.html >>>> Sent from the Apache Geronimo - Users mailing list archive at >>>> Nabble.com. >>>> >>> >>> >>> >> >> > > -- View this message in context: http://old.nabble.com/Unable-to-get-user-role-tp26829415s134p26847205.html Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.