Mario, you are a hero. do women come and worship you in the street? they
should! Using reflection to break into an object of a foreign class is
just...genius! this is the sort of thing that Ruby programmers do all
the time, but is very hard to do in Java...
my final code (in the context of a ServiceImpl class for an xFire
webservice, exception-handling & error-checking elided)
//get Role from security Principal, which we 'happen to know', is
// an instance of catalina MemoryUser.
HttpServletRequest request = XFireServletController.getRequest();
Principal principal = request.getUserPrincipal();
String rolename = null;
if(principal != null){
if(principal.getClass().getName().equalsIgnoreCase("org.apache.catalina.users.MemoryUser")){
Iterator it =(Iterator)
principal.getClass().getMethod("getRoles").invoke(principal);
Object role = it.next();
String role1 =
(String)role.getClass().getMethod("getRolename").invoke(role);
int i = 0;
}else{
String xml = principal.toString();
rolename = xml.split("\"")[3]; // [1]=username,
[2]=pass, [3]=roles
}
}else{
rolename = "public";
}
Mario Ivankovits wrote:
Hi!
A more flexible option is to use securityfilter
(http://securityfilter.sourceforge.net) to handle everything.
If you are already using spring have a look at ACEGI.
It is not really easy to install, but allows you to e.g. have different
login methods within the same webapp.
Regarding the principal. Remember, you can always use reflection to
break into an object (given you use no securitymanager or a liberal
configured one).
For example, I used for a while:
try
{
Method hasRoleMeth =
principal.getClass().getMethod("hasRole", String.class);
return (Boolean) hasRoleMeth.invoke(principal, role);
}
catch (NoSuchMethodException e)
{
log.error(e.getLocalizedMessage(), e);
}
catch (IllegalAccessException e)
{
log.error(e.getLocalizedMessage(), e);
}
catch (InvocationTargetException e)
{
log.error(e.getLocalizedMessage(), e);
}
Ciao,
Mario
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]