编程认证之后添加角色 [英] Programmatically add roles after authentication

问题描述

我有以下JSF 2.1的登录表单，在Glassfish的3.1运行

I have the following JSF 2.1 login form, running in Glassfish 3.1

<h:form id="loginForm">
        <h:panelGrid columns="2" cellspacing="5">
            <h:outputText value="Username" />
            <h:inputText value="#{loginHandler.username}" />
            <h:outputText value="Password:" />
            <h:inputText value="#{loginHandler.password}" />
            <h:outputLabel value="" />
            <h:commandButton value="Login" action="#{loginHandler.login}" />
        </h:panelGrid>
    </h:form>

和下面的支持Bean。

And the following backing bean.

public String login() throws IOException, LoginException {

    log.debug("Trying to login with username " + username);

    HttpSession session = getRequest().getSession(true);

    try {
        getRequest().login(username, password);

        // if OK, add Roles
                    ????????
                    ...................

    } catch (ServletException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }


    log.debug("USER principal === " + getRequest().getUserPrincipal());

    return "home";
}

现在的问题是，我怎么能成功登录后编程方式添加角色到UserPrincipal？

The question is, how can I add roles programmatically to the UserPrincipal after successful login?

更新1：我就先通过以下code，但主题的主题== NULL

Update 1: I tried to get the Subject by using the following code but subject == null.

Subject thisSubject = Subject.getSubject(AccessController
                .getContext());

谢谢，
科恩

Thanks, Coen

推荐答案

我想出了以下解决方案登录后以编程方式添加角色，其工作方式，至少在GlassFish 3.1.2版本23。

I came up with the following solution to add roles programmatically after login, which works at least on GlassFish 3.1.2 build 23.

import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.web.integration.PrincipalGroupFactory;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import org.glassfish.security.common.Group;

public class GlassFishUtils {
    public static void addGroupToCurrentUser(String groupName, String realmName) {
        Subject subject = SecurityContext.getCurrent().getSubject();
        Set<Principal> principals = subject.getPrincipals();
        Group group = PrincipalGroupFactory.getGroupInstance(groupName, realmName);
        if (!principals.contains(group))
            principals.add(group);
    }
}

您将需要添加 security.jar 和共util.jar 从GlassFish在您的项目库。

You will need to add security.jar and common-util.jar from GlassFish to your project libraries.

和不要忘了创建一个＆LT;安全角色的方式＆gt; 在web.xml您要添加的角色栏目

And don't forget to create a <security-role> section in your web.xml for the roles you wish to add.

请注意，我用它不似乎是一个稳定的公布API的一部分功能，所以没有保证，这将保持在GlassFish中的未来版本中工作。

Note that I am using functionality which does not appear to be part of a published stable API, so there is no guarantee that this will keep working in future releases of GlassFish.

我如何从来源$ C ​​$ C的GlassFish sun.appserv.security.AppservPasswordLoginModule.commit（）添加角色的信息。
如果未来发布的GlassFish我突破code，这个功能将是为了找出如何解决它开始的好地方。

I got the information on how to add roles from the source code of sun.appserv.security.AppservPasswordLoginModule.commit() of GlassFish. If a future GlassFish release breaks my code, this function would be a good place to start in order to find out how to fix it.

这篇关于编程认证之后添加角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！