• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Tim Cooke
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • paul wheaton
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Mikalai Zaikin
  • Carey Brown
  • Piet Souris
Bartenders:
  • Stephan van Hulst

Roles of a user

 
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,

I hope this is the right place to post my question.

I am working on a web application that uses Custom security that was written using JAAS by the some team internal to the origanization.

In web.xml I have configured Security roles using <security-role> and <security-constraint> tags.

After successful login, If I print user name and his roles, I am able to see the roles which I have configured for this user.

Let us take a scenario I have two users with usernames User1 and USer2.
The role assigned to user1 is role1
The role assigned to user2 is role2.

I have opened teo browsers and logged into the system with these two users.
After successful login, I am showing a welcome page where I would display User name and his roles.

For User1, after sucessfull login, I am able to see his name and role1=true.
For User2, I am able to see his name and role2=true.

Now, problem comes here.. When I try to refresh User1 browser couple of times, I see his name with role "role2=true". Same with User2, I see his role as "role1=true"

I am checking if user has roles using
request.isUserInRole(Constants.ROLE1)
request.isUserInRole(Constants.ROLE2)

I am not sure why the request object is not being able to get the correct roles.

Is there any configuration thing I need to take care of.
Early replys would be greatly appreciated

thank you
 
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Sari,

Are you opening 2 browser windows on the same pc? If so I think they might end up shareing the same session cookie. I've never been too sure on this - it might depend on the browser implementation.

I've also seen this session confusion happen from seperate pcs where the requests were routed through a proxy that did some caching. User 1 requested a personalized which displayed correctly, as did user 2, but then user 1 got user 2's page. Had to get them to set their IE browser so that it didn't use the proxy for requests to the application.

Regards,
Louise
 
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree with the last user about sharing the same session stuff, but how are you opening your browser? Are you clicking on the browser, then hitting control-N for another browser to open? If so, it will definetly share same session, but if you open two separate browser instances, there should be no conflicting data. If this doesn't help, could you post the code and we could try to replicate the problem? Thanks.
 
s penumudi
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
Thank you very much for your replys.

Yes, I am testing my application by opening two browsers from same machine.
I am not using control-N or file<->New window options form the IE. I am opening two seperate new instances of IE.

I am using
- oracle 10g AS (9.0.4).
- JSP and Struts
- Internal Security implemented as per JAAS.

Jsp:


Web.xml file


Thank you
 
it's a teeny, tiny, wafer thin ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic