Hitachi Vantara Pentaho Community Forums
Results 1 to 3 of 3

Thread: Accessing Security Authorities in JSP

  1. #1

    Default Accessing Security Authorities in JSP

    Hello.

    I would like to access user's granted authorities in a jsp. How can i do ?

    I tried to look at SECURITY_PRINCIPAL pentaho session's attribute.



    Here is what i done :

    Code:
    IPentahoSession userSession = UIUtil.getPentahoSession( request );
    UsernamePasswordAuthenticationToken token=((UsernamePasswordAuthenticationToken)userSession.getAttribute("SECURITY_PRINCIPAL"));
      User user= (User) token.getPrincipal();
      GrantedAuthority[] authorities= user.getAuthorities();
    This way i'm able to access the authorities, but i don't like this way of doing:
    - it needs to many casts,
    - it needs to use directly the acegi security package

    Is there another way to get those informations ? I did not found it in another PentahoSession attribute.

    Thanks

    __________________
    Ronan DUNKLAU
    BPM Conseil
    www.bpm-conseil.com

  2. #2

    Default Use system-actions instead

    I have noticed that this approach was wrong : i would better have an xaction executed at every session opening, use the role in it and then store in the session the info i deduced from the role.

  3. #3
    Join Date
    Oct 2006
    Posts
    817

    Default

    If you still need access to roles within a JSP, I recommend the Authorization Tag Libraries included with Acegi Security. You can also call (in a JSP scriptlet or expression) request.getRemoteUser(), request.getUserPrincipal(), and request.isUserInRole().

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.