Thanks, that was what I was looking for. I will take a look at your
example, but I'm also considering just writing my own RolesInterceptor ...
F
Quoting Josh Vickery <[EMAIL PROTECTED]>:
Flemming, if you are not using JAAS, and don't want to interact with
it, you can fake it by wrapping the HttpServletRequest in a servlet
filter. This is the method used by SecurityFilter
(http://securityfilter.sourceforge.net/) and is very easy to
implement.
Here are some code snippets:
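A filter, applied to /* in web.xml:

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // Look up the session that holds the UserSession stored at login.
        HttpSession session = ((HttpServletRequest) request).getSession();
        UserSession userSession = (UserSession)
                session.getAttribute(Constants.USER_SESSION);
        // Wrap the request so isUserInRole() is answered from UserSession.
        request = new JaasRequestWrapper((HttpServletRequest) request,
                userSession);
        chain.doFilter(request, response);
    }
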
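and then JaasRequestWrapper.java:

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletRequestWrapper;

    public class JaasRequestWrapper extends HttpServletRequestWrapper {
        private UserSession userSession;

        public JaasRequestWrapper(HttpServletRequest request,
                UserSession userSession) {
            super(request);
            this.userSession = userSession;
        }

        // No UserSession in the session means nobody is logged in: no roles.
        @Override
        public boolean isUserInRole(String role) {
            return userSession != null && userSession.hasRole(role);
        }
    }
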
Where UserSession is something that you store in the session at user
login, containing a list of roles to check against.
On 5/2/07, Flemming Seerup <[EMAIL PROTECTED]> wrote:
Am I missing something? I have a working version of an
AuthInterceptor, but
still no examples on how to control isUserInRole().
On manning.com I found a lightbody_src.zip from WW in action, but it doesn't
handle roles.
Could anybody tell me the location of Mark Mernards blog?
/Flemming
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
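
The request-wrapping technique from the thread, as an added example that is not code from the thread or from SecurityFilter: a single-file filter and wrapper that denies by default for anonymous requests and keeps getRemoteUser() and getUserPrincipal() consistent with isUserInRole(). UserSession, RoleFilter, RoleRequestWrapper and the "userSession" attribute key are assumed names; it assumes the javax.servlet API and Java 8 or later.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical stand-in for the thread's UserSession: user name plus granted roles.
class UserSession {
    final String name; final Set<String> roles;
    UserSession(String name, Set<String> roles) { this.name = name; this.roles = roles; }
    boolean hasRole(String role) { return role != null && roles.contains(role); }
}

// Answers the container security methods from UserSession; anonymous requests get no roles.
class RoleRequestWrapper extends HttpServletRequestWrapper {
    private final UserSession user; // null when nobody is logged in

    RoleRequestWrapper(HttpServletRequest request, UserSession user) {
        super(request);
        this.user = user;
    }
    @Override public boolean isUserInRole(String role) {
        return user != null && user.hasRole(role); // deny by default
    }
    @Override public String getRemoteUser() {
        return user == null ? null : user.name;
    }
    @Override public Principal getUserPrincipal() {
        return user == null ? null : () -> user.name; // Principal has one abstract method
    }
}

public class RoleFilter implements Filter {
    static final String USER_SESSION = "userSession"; // assumed session attribute key

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpSession session = http.getSession(false); // never create a session here
        Object attr = session == null ? null : session.getAttribute(USER_SESSION);
        UserSession user = attr instanceof UserSession ? (UserSession) attr : null;
        chain.doFilter(new RoleRequestWrapper(http, user), res);
    }
}
```

Using getSession(false) keeps the filter from allocating a session for every unauthenticated hit on /*, and the instanceof check means an unexpected attribute value results in an anonymous request rather than a ClassCastException.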