Can't verify user role when doing form authentication with Vaadin

Kod · April 23, 2012, 3:54pm

Hi all,

In my Vaadin application i try to make form login. I set a security constraint with folloging part of web.xml

<security-constraint>
	<display-name>AutoCine Security Constraints</display-name>
	<web-resource-collection>
		<web-resource-name>A Protected Page</web-resource-name>
		<url-pattern>/VAADIN/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>administrator</role-name>
	</auth-constraint>
</security-constraint>

It works well, but when my com.vaadin.appliction which implements HttpServletRequestListener loads, inside onRequestStart() method

Principal principal = httpServletRequest.getUserPrincipal();
principal.getName() returns the principals name but

httpServletRequest.isUserInRole(“administrator”) doesn’t work.

Any idea??

Thanks,
Kod

Bobby · April 25, 2012, 4:08pm

Did you
declare the roles
in web.xml? The link I’ve included shows how to do it in web.xml, but it can also be done through annotations on the servlet class with Java EE 6.
Here is an example
of that from an old blog of mine.

Cheers,
Bobby