Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

CssImport when using Component Exporter by Mikhail Shabarov, 1 month ago
Recent Posts
Vaadin Forum4. Other

Can't verify user role when doing form authentication with Vaadin

Kod Canavari
10 years ago Apr 23, 2012 3:54pm

Hi all,

In my Vaadin application i try to make form login. I set a security constraint with folloging part of web.xml

<security-constraint>
<display-name>AutoCine Security Constraints</display-name>
<web-resource-collection>
<web-resource-name>A Protected Page</web-resource-name>
<url-pattern>/VAADIN/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>

It works well, but when my com.vaadin.appliction which implements HttpServletRequestListener loads, inside onRequestStart() method

Principal principal = httpServletRequest.getUserPrincipal();
principal.getName() returns the principals name but

httpServletRequest.isUserInRole("administrator") doesn't work.

Any idea??

Thanks,
Kod

Last updated on Apr, 23rd 2012
Bobby Bissett
10 years ago Apr 25, 2012 4:08pm

Kod Canavari: httpServletRequest.isUserInRole("administrator") doesn't work.

Did you declare the roles in web.xml? The link I've included shows how to do it in web.xml, but it can also be done through annotations on the servlet class with Java EE 6. Here is an example of that from an old blog of mine.

Cheers,
Bobby

Last updated on Apr, 25th 2012