Affects Version/s: 6.1.2rc0
Fix Version/s: 6.1.2rc0
Environment: java version "1.5.0_09"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_09-b01)
Java HotSpot(TM) Client VM (build 1.5.0_09-b01, mixed mode, sharing)
jetty-jboss compiled with Java 1.4.2_03 Blackdown
request.isUserInRole("anything") returns false.
It happens because
_realm._realmMapping.doesUserHaveRole(this._principal,requiredRoles) returns FALSE,
and it does so because Subject subject = SubjectActions.getActiveSubject(); returns NULL (from org.jboss.security.plugins.JaasSecurityManager).
Here is the comment for org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole:
Does the current Subject have a role(a Principal) that equates to one
of the role names. This method obtains the Group named 'Roles' from
the principal set of the currently authenticated Subject as determined
by the SecurityAssociation.getSubject() method and then creates a
SimplePrincipal for each name in roleNames. If the role is a member of the
Roles group, then the user has the role.
-->>>> This requires that the caller
-->>>> establish the correct SecurityAssociation subject prior to calling this
-->>>> method. In the past this was done as a side-effect of an isValid() call,
-->>>> but this is no longer the case.
So it might be the reason.
I did a quick fix which seems to work (see attachment).
But it would be nice if you could check it out and find the real reason why it is not working properly.
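
The failure mode described in this report, as an added, self-contained example: it is not the attached fix and not Jetty or JBoss code. The ThreadLocal ACTIVE is a simplified stand-in for the per-thread subject that the quoted comment says must be established before the role check, and RolesGroup, doesUserHaveRole and isUserInRole here are hypothetical models written for this illustration.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class ActiveSubjectDemo {
    // Assumption: simplified model of the thread-associated "active subject".
    static final ThreadLocal<Subject> ACTIVE = new ThreadLocal<>();

    // Hypothetical principal modelling the group named 'Roles' in the subject.
    static final class RolesGroup implements Principal {
        final Set<String> members;
        RolesGroup(Set<String> members) { this.members = members; }
        public String getName() { return "Roles"; }
    }

    // Role check that, like the method quoted above, reads the subject from
    // thread state instead of taking it as a parameter.
    static boolean doesUserHaveRole(Set<String> requiredRoles) {
        Subject subject = ACTIVE.get();
        if (subject == null) return false; // nobody established the subject
        for (RolesGroup group : subject.getPrincipals(RolesGroup.class))
            for (String role : requiredRoles)
                if (group.members.contains(role)) return true;
        return false;
    }

    // Caller-side wrapper: associate the authenticated subject with the thread
    // for the duration of the check, then restore the previous state so a
    // pooled thread never carries one request's identity into the next.
    static boolean isUserInRole(Subject authenticated, String role) {
        Subject previous = ACTIVE.get();
        ACTIVE.set(authenticated);
        try {
            return doesUserHaveRole(Set.of(role));
        } finally {
            if (previous == null) ACTIVE.remove(); else ACTIVE.set(previous);
        }
    }

    public static void main(String[] args) {
        Subject user = new Subject();
        user.getPrincipals().add(new RolesGroup(Set.of("admin", "user")));
        // Direct call without an associated subject, as in the report.
        System.out.println("no subject set:  " + doesUserHaveRole(Set.of("admin")));
        // Same check with the subject established by the caller.
        System.out.println("held role:       " + isUserInRole(user, "admin"));
        System.out.println("role not held:   " + isUserInRole(user, "auditor"));
        System.out.println("thread cleaned:  " + (ACTIVE.get() == null));
    }
}
```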