posted 19 years ago
Hello All,
I hope this is the right place to post my question.
I am working on a web application that uses custom security that was written using JAAS by a team internal to the organization.
In web.xml I have configured Security roles using <security-role> and <security-constraint> tags.
After successful login, if I print the user name and his roles, I am able to see the roles which I have configured for this user.
Let us take a scenario: I have two users with usernames User1 and User2.
The role assigned to User1 is role1.
The role assigned to User2 is role2.
I have opened two browsers and logged into the system with these two users.
After successful login, I am showing a welcome page where I would display User name and his roles.
For User1, after successful login, I am able to see his name and role1=true.
For User2, I am able to see his name and role2=true.
Now, the problem comes here. When I try to refresh User1's browser a couple of times, I see his name with role "role2=true". Same with User2: I see his role as "role1=true".
I am checking if user has roles using
request.isUserInRole(Constants.ROLE1)
request.isUserInRole(Constants.ROLE2)
I am not sure why the request object is not able to get the correct roles.
Is there any configuration I need to take care of?
Early replies would be greatly appreciated.
Thank you