Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Can't verify user role when doing form authentication with Vaadin
Hi all,
In my Vaadin application i try to make form login. I set a security constraint with folloging part of web.xml
<security-constraint>
<display-name>AutoCine Security Constraints</display-name>
<web-resource-collection>
<web-resource-name>A Protected Page</web-resource-name>
<url-pattern>/VAADIN/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
It works well, but when my com.vaadin.appliction which implements HttpServletRequestListener loads, inside onRequestStart() method
Principal principal = httpServletRequest.getUserPrincipal();
principal.getName() returns the principals name but
httpServletRequest.isUserInRole("administrator") doesn't work.
Any idea??
Thanks,
Kod
Kod Canavari: httpServletRequest.isUserInRole("administrator") doesn't work.
Did you declare the roles in web.xml? The link I've included shows how to do it in web.xml, but it can also be done through annotations on the servlet class with Java EE 6. Here is an example of that from an old blog of mine.
Cheers,
Bobby