Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase

Thu, 16 Aug 2007 07:52:18 -0700

Mario, you are a hero. do women come and worship you in the street? they should! Using reflection to break into an object of a foreign class is just...genius! this is the sort of thing that Ruby programmers do all the time, but is very hard to do in Java...
my final code (in the context of a ServiceImpl class for an xFire webservice, exception-handling & error-checking elided) 

       //get Role from security Principal, which we 'happen to know', is
       // an instance of catalina MemoryUser.
       HttpServletRequest request = XFireServletController.getRequest();
       Principal principal = request.getUserPrincipal();
       String rolename = null;
       if(principal != null){

           
if(principal.getClass().getName().equalsIgnoreCase("org.apache.catalina.users.MemoryUser")){
               Iterator it =(Iterator) 
principal.getClass().getMethod("getRoles").invoke(principal);

               Object role = it.next();

               String role1 = 
(String)role.getClass().getMethod("getRolename").invoke(role);

               int i = 0;
           }else{
               String xml = principal.toString();

               rolename = xml.split("\"")[3]; // [1]=username, 
[2]=pass, [3]=roles

           }
       }else{
           rolename = "public";
       }


Mario Ivankovits wrote:

Hi!

  

A more flexible option is to use securityfilter
(http://securityfilter.sourceforge.net) to handle everything.

  
    

If you are already using spring have a look at ACEGI.
It is not really easy to install, but allows you to e.g. have different
login methods within the same webapp.

Regarding the principal. Remember, you can always use reflection to
break into an object (given you use no securitymanager or a liberal
configured one).

For example, I used for a while:

        try
        {
            Method hasRoleMeth =
principal.getClass().getMethod("hasRole", String.class);
            return (Boolean) hasRoleMeth.invoke(principal, role);
        }
        catch (NoSuchMethodException e)
        {
            log.error(e.getLocalizedMessage(), e);
        }
        catch (IllegalAccessException e)
        {
            log.error(e.getLocalizedMessage(), e);
        }
        catch (InvocationTargetException e)
        {
            log.error(e.getLocalizedMessage(), e);
        }


Ciao,
Mario


  


--
Matthew Kerle
IT Consultant
Canberra, Australia

Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to