I have the following JSF 2.1 login form, running in GlassFish 3.1:

    <h:form id="loginForm">
        <h:panelGrid columns="2" cellspacing="5">
            <h:outputText value="Username" />
            <h:inputText value="#{loginHandler.username}" />
            <h:outputText value="Password:" />
            <!-- inputSecret masks the typed password; inputText would show it in clear text -->
            <h:inputSecret value="#{loginHandler.password}" />
            <h:outputLabel value="" />
            <h:commandButton value="Login" action="#{loginHandler.login}" />
        </h:panelGrid>
    </h:form>
And the following backing bean:

    public String login() throws IOException, LoginException {
        log.debug("Trying to login with username " + username);
        HttpSession session = getRequest().getSession(true);
        try {
            getRequest().login(username, password);
            // if OK, add Roles
            // ????????
            // ...................
        } catch (ServletException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        log.debug("USER principal === " + getRequest().getUserPrincipal());
        return "home";
    }
The question is, how can I add roles programmatically to the UserPrincipal after successful login?
Update 1: I tried to get the Subject by using the following code, but subject == null.

    Subject thisSubject = Subject.getSubject(AccessController.getContext());
Thanks, Coen
I came up with the following solution to add roles programmatically after login, which works at least on GlassFish 3.1.2 build 23.

    import com.sun.enterprise.security.SecurityContext;
    import com.sun.enterprise.security.web.integration.PrincipalGroupFactory;
    import java.security.Principal;
    import java.util.Set;
    import javax.security.auth.Subject;
    import org.glassfish.security.common.Group;

    public class GlassFishUtils {
        // Adds a Group principal to the Subject of the caller's current security context.
        public static void addGroupToCurrentUser(String groupName, String realmName) {
            Subject subject = SecurityContext.getCurrent().getSubject();
            Set<Principal> principals = subject.getPrincipals();
            Group group = PrincipalGroupFactory.getGroupInstance(groupName, realmName);
            // Only add the group if the Subject does not already carry it.
            if (!principals.contains(group))
                principals.add(group);
        }
    }

You will need to add security.jar and common-util.jar from GlassFish to your project libraries.
And don't forget to create a <security-role> section in your web.xml for the roles you wish to add.
Note that I am using functionality which does not appear to be part of a published stable API, so there is no guarantee that this will keep working in future releases of GlassFish.
I got the information on how to add roles from the source code of sun.appserv.security.AppservPasswordLoginModule.commit() of GlassFish.
If a future GlassFish release breaks my code, this function would be a good place to start in order to find out how to fix it.
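
How the question's login() could call the answer's helper while failing closed, as an added example that is not code from either poster. Assumptions: the realm name "myRealm", the "login" outcome, the in-memory GROUPS map (constructed sample data standing in for a trusted server-side store), and role names equal to group names with a matching <security-role> in web.xml.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.FacesContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;

@ManagedBean   // default bean name: loginHandler
@RequestScoped
public class LoginHandler {
    private static final String REALM = "myRealm";   // assumption: configured realm name
    // Constructed sample data; a real application reads this from its own user store.
    private static final Map<String, List<String>> GROUPS = new HashMap<String, List<String>>();
    static { GROUPS.put("coen", Arrays.asList("user", "admin")); }

    private String username;
    private String password;

    public String login() {
        HttpServletRequest request = (HttpServletRequest) FacesContext
                .getCurrentInstance().getExternalContext().getRequest();
        try {
            request.login(username, password);   // container authentication first
            // Key the lookup on the authenticated principal, never on raw request input.
            List<String> groups = GROUPS.get(request.getUserPrincipal().getName());
            if (groups != null) {
                for (String group : groups) {
                    GlassFishUtils.addGroupToCurrentUser(group, REALM);
                    // Verify the group is effective as a role instead of assuming it.
                    if (!request.isUserInRole(group)) {
                        request.logout();         // fail closed: no half-authorized session
                        return "login";
                    }
                }
            }
            return "home";
        } catch (ServletException e) {
            return "login";                       // failed login grants nothing
        } finally {
            password = null;                      // do not keep the password in the bean
        }
    }

    public String getUsername() { return username; }
    public void setUsername(String u) { username = u; }
    public String getPassword() { return password; }
    public void setPassword(String p) { password = p; }
}
```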