Java EE (Java Enterprise Edition) General Discussion

isUserInRole always false

ILya Cyclone, May 16 2017

Hello.

According to this document

Using Programmatic Security with Web Applications - The Java EE 6 Tutorial

I'm doing a simple programmatic login servlet on WebLogic 12.1.3.

HttpServletRequest.login method works, but when I try to check user roles using HttpServletRequest.isUserInRole I always get false.

Servlet class:

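import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Servlet1 extends HttpServlet {
     // LOGIN and PASSWORD are credential constants that the post does not show.
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
          request.login(LOGIN, PASSWORD);
          System.out.println("In role AUTHENTICATED_USERS: "+request.isUserInRole("AUTHENTICATED_USERS"));
          System.out.println("In role personal_office: "+request.isUserInRole("personal_office"));
          System.out.println("In role personal_office_app: "+request.isUserInRole("personal_office_app"));
     }
}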

All isUserInRole calls return false.

web.xml:

<?xml version = '1.0' encoding = 'UTF-8'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
  <servlet>
    <servlet-name>Servlet1</servlet-name>
    <servlet-class>testproglog.Servlet1</servlet-class>
    <security-role-ref>
      <role-name>personal_office_app</role-name>
      <role-link>personal_office</role-link>
    </security-role-ref>
  </servlet>
  <servlet-mapping>
    <servlet-name>Servlet1</servlet-name>
    <url-pattern>servlet1</url-pattern>
  </servlet-mapping>

  <security-role>
    <role-name>personal_office</role-name>
  </security-role>
</web-app>

To verify that I'm not mistyping the role name or something, I found a method that lets me list user roles on WebLogic:

Arrays.asList(SubjectUtils.getPrincipalNames(Security.getCurrentSubject()).split("/"))

And it shows me that I do have AUTHENTICATED_USERS and personal_office roles after login.

Why is HttpServletRequest.isUserInRole always false?

Also, I tried the same code on Tomcat and isUserInRole works correctly there. What's wrong on WebLogic?

JDeveloper / WebLogic 12.1.3

java version "1.7.0_51"

Java(TM) SE Runtime Environment (build 1.7.0_51-b13)

Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)

Thanks

Locked on Jun 13 2017
Added on May 16 2017
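
An added example, not part of the original post and not Oracle's code: the Servlet specification resolves the name passed to isUserInRole first through the servlet's security-role-ref entries and otherwise against the declared security-role elements, and this Python check applies that rule to the web.xml from the post. The function name resolve_role and the trimmed copy of the descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://java.sun.com/xml/ns/javaee"}

# Role-related elements of the web.xml in the post (XML declaration and
# schema attributes dropped; nothing else changed).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>Servlet1</servlet-name>
    <servlet-class>testproglog.Servlet1</servlet-class>
    <security-role-ref>
      <role-name>personal_office_app</role-name>
      <role-link>personal_office</role-link>
    </security-role-ref>
  </servlet>
  <security-role>
    <role-name>personal_office</role-name>
  </security-role>
</web-app>"""


def resolve_role(web_xml, servlet_name, queried):
    """Return (declared role or None, element that decided) for one name."""
    root = ET.fromstring(web_xml)
    declared = {e.text.strip()
                for e in root.findall("ee:security-role/ee:role-name", NS)}
    for servlet in root.findall("ee:servlet", NS):
        if servlet.findtext("ee:servlet-name", "", NS).strip() != servlet_name:
            continue
        # A security-role-ref declared for this servlet takes precedence.
        for ref in servlet.findall("ee:security-role-ref", NS):
            if ref.findtext("ee:role-name", "", NS).strip() == queried:
                # role-link is optional; without it the name is used as is.
                link = ref.findtext("ee:role-link", "", NS).strip() or queried
                return (link if link in declared else None, "security-role-ref")
    # No matching ref: the name itself must be a declared security-role.
    return (queried if queried in declared else None, "security-role")


if __name__ == "__main__":
    for name in ("AUTHENTICATED_USERS", "personal_office", "personal_office_app"):
        role, via = resolve_role(WEB_XML, "Servlet1", name)
        print(f"isUserInRole({name!r}) -> {role or 'no declared role'} (via {via})")
```

Only personal_office and personal_office_app resolve to a declared role in this descriptor. Which server principals that role maps to is decided by the container (on WebLogic, through security-role-assignment entries in weblogic.xml), and the post does not show that mapping.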