users@glassfish.java.net

Re: JDBC realm, how GlassFish knows which group belongs to which user?

From: Richard Kolb <rjdkolb_at_gmail.com>
Date: Mon, 28 Mar 2011 11:04:35 +0200

Hi Hez

On 28 March 2011 10:51, hezjing <hezjing_at_gmail.com> wrote:

> Thanks, Richard!


Glad I could help :)


>
> Now I see that the GlassFish is actually getting the user - group
> relationship from the group table, but if this is something already
> documented in GlassFish documents? I don't find this from GlassFish 3.1
> Security Guide.
>

I did not find it there, but have not looked in a while.
If you don't still, please log a feature request.


I still have questions though, how can I verify and trace which role has
> been mapped to an user?
>

What I do programmaticly is :
    Principal userPrincipal = request.getUserPrincipal();
    GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
    String[] roles = genericPrincipal.getRoles();



> Is there a logger in GlassFish I can turn on to see this kind of
> information?
>

In GlassFish 3.1 I go to the logging console in the GlassFish Admin Console.
Then I search for 'security', and set the debugging level to DEBUG.
This works well if the GlassFish Realm does not like your tables or
relations.
It dumps some good logs.


>
> What about how to print the roles in JSF? Example when a user logged in
> successfully, I want to display "You are a administrator" on the page?
>

Ah, Programatically you can do this kind of thing
   public boolean isAdmin() {
        ExternalContext context
                = FacesContext.getCurrentInstance().getExternalContext();
        Object requestObject = context.getRequest();
        if (!(requestObject instanceof HttpServletRequest)) {
            log.info("request object has type " + requestObject.getClass());
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) requestObject;
        return request.isUserInRole("admin");
    }


<h:someComponent rendered="#{yourBean.admin}">
    Will be displayed when user.isAdmin() returns true.
</h:someComponent>

Hope this helps

There are also lots of ways of writing your own pretty login page and being
in more control in JSF2
If you need this help, please shout.

regards
Richard




>
>
>
> On Mon, Mar 28, 2011 at 1:28 PM, Richard Kolb <rjdkolb_at_gmail.com> wrote:
>
>> Hi Hez
>>
>> On 26 March 2011 11:23, hezjing <hezjing_at_gmail.com> wrote:
>>
>>> Hi
>>>
>>> I'm trying to create a JDBC realm in GlassFish 3.1.
>>>
>>> I have created an user table (with username and password columns) and a
>>> group table (with just a name column).
>>>
>>> I'm wondering how GlassFish can tell which groups assigned to which user?
>>> Isn't there should be one table storing these user group assignment?
>>>
>>>
>>> Appreciate your advice, thank you!
>>>
>>
>> This is one of the blogs I always look at
>> http://blogs.sun.com/swchan/entry/jdbcrealm_in_glassfish_with_mysql
>>
>> The user ID is a foreign key in the group table.
>>
>> Hope this helps
>> Richard.
>>
>>
>
>
> --
>
> Hez
>