Re: [soteria-dev] Programmatically change roles

Hi,

To change the roles mid-request and have the authentication mechanism be called again (which in turn calls the identity store), you have to call request.logout() first.

What exactly happens then depends on the authentication mechanism that is configured. The CustomFormAuthenticationMechanism is most suited for this, as it will not send any challenge to the response (ask the user to provide credentials for instance).

Note that the EE Security API contains a special credential that can be used here: javax.security.enterprise.credential.CallerOnlyCredential, but if you're using a custom identity store you can of course also use your own custom Credential here.

For the next version of EE security we should work out this use case a little bit better. As you have noticed, it's slightly rough around the edges. Part of the reason is that we depend on HttpServletRequest#authenticate, which is itself a little rough around the edges still.

Hope this helps though.

Kind regards,
Arjan






On Wed, Oct 3, 2018 at 10:39 PM Ulrich Cech <developer@xxxxxxxxxxxx> wrote:
Hi soteria-dev-group,

I implemented a normal and default authentication process with the new
Java EE 8 security API and it worked perfectly.

But now I get stuck at the moment with the problem to change the
users-roles upon selecting a new 'organization-unit' on the website. I
have a JSF-application, and a user belongs to one or more organization
units. Depending on these units, he has different 'roles' or groups.
These organization-units are available on a select-box on the web-page,
and if I change this value, the new roles should be applied.

The problem now is, that when I am calling the following:
     // <--- this method is called when selecting a new value from the
     // select-box on the HTML-page
     public void onChangeOrganizationUnit(final AjaxBehaviorEvent event) {

         AuthenticationStatus status = this.securityContext.authenticate(
                 (HttpServletRequest) externalContext.getRequest(),
                 (HttpServletResponse) externalContext.getResponse(),
                 AuthenticationParameters.withParams()
                         .newAuthentication(true)
                         .credential(credential)
         );
     }

This status is always "SUCCESS". It never calls the "validate" method of
the IdentityStore. I think that has something to do with this request
being an AJAX request and there being some "caching", which recognizes no
changes in the current HTTP request. Is this assumption correct?

Can you give me some hints, where to look or how to implement such use-case?

Thanks in advance for any advice
Ulrich
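
The sequence described in the reply (request.logout() first, then authenticate() with a CallerOnlyCredential), written out as an added example that is not code from either poster or from Soteria. OrgUnitSwitcher, OrgUnitService and its two methods are hypothetical names; the example assumes a custom IdentityStore that accepts CallerOnlyCredential and returns the groups for the caller's active unit, and a mechanism such as CustomFormAuthenticationMechanism that uses the passed credential.

```java
// Added example. OrgUnitSwitcher and OrgUnitService are hypothetical;
// the javax.security.enterprise and servlet calls are the Java EE 8 API.
import java.security.Principal;
import java.util.Set;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.CallerOnlyCredential;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@RequestScoped
public class OrgUnitSwitcher {

    /** Hypothetical service: membership lookup, and the unit the identity store reads. */
    public interface OrgUnitService {
        Set<String> unitsOf(String caller);
        void setActiveUnit(String caller, String unit);
    }

    @Inject private SecurityContext securityContext;
    @Inject private OrgUnitService orgUnits;

    public AuthenticationStatus switchUnit(HttpServletRequest request,
            HttpServletResponse response, String requestedUnit) throws ServletException {
        // Take the caller from the established principal, never from request input:
        // CallerOnlyCredential carries no secret, so the name is all the store sees.
        Principal principal = securityContext.getCallerPrincipal();
        if (principal == null) {
            throw new IllegalStateException("no authenticated caller");
        }
        String caller = principal.getName();

        // Reject units the caller does not belong to before dropping the identity.
        if (!orgUnits.unitsOf(caller).contains(requestedUnit)) {
            throw new SecurityException("caller is not a member of " + requestedUnit);
        }
        orgUnits.setActiveUnit(caller, requestedUnit);

        // Without this, authenticate() reports SUCCESS without re-running the mechanism.
        request.logout();

        // The caller is now unauthenticated; anything other than SUCCESS must be
        // treated by the calling code as "logged out", not as "roles unchanged".
        return securityContext.authenticate(request, response,
                AuthenticationParameters.withParams()
                        .newAuthentication(true)
                        .credential(new CallerOnlyCredential(caller)));
    }
}
```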
