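Thursday, May 31, 2012

ADF_128: Using SecurityContext.getUserRoles() to get a user's role and group information

Environment: JDeveloper 11.1.2.4.0 + Oracle Database 11gR2 Express Edition.

The goal of this lab is to compare Container Security with the ADF Security API. It builds on the earlier lab "Adding Security to an ADF Web Application".

1. Add the following code to products.jsf: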

<af:inputText label="User" id="it1" value="#{securityBean.currentUser}"/>
<af:inputText label="Groups" id="it2" value="#{securityBean.currentUserGroups}"/>
<af:inputText label="Roles" id="it3" value="#{securityBean.currentUserRoles}"/>
<af:inputText label="Belong To WLS Group: users ?" id="it4" value="Got the users role from weblogic"
              rendered="#{securityBean.wlsUserGroup}" columns="80"/>
<af:inputText label="Belong To WLS Role: valid-users" id="it5" value="Got the valid-users mapped by weblogic.xml"
              rendered="#{securityBean.containerUserRole}" columns="80"/>

2. The corresponding SecurityBean.java code is as follows:

package view;

import java.security.Principal;

import java.util.ArrayList;
import java.util.Set;

import javax.faces.context.FacesContext;

import javax.security.auth.Subject;

import oracle.adf.share.ADFContext;

import weblogic.security.Security;
import weblogic.security.SubjectUtils;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

public class SecurityBean {
    private String user = null;
    // Names of the WebLogic group principals found on the current Subject
    private ArrayList<String> groups = new ArrayList<String>();

    public SecurityBean() {
        // The container-level Subject carries one principal per user and per group
        Subject subject = Security.getCurrentSubject();
        Set<Principal> allPrincipals = subject.getPrincipals();
        for (Principal principal : allPrincipals) {
            if (principal instanceof WLSGroupImpl) {
                System.out.println("Found WLS Group: " + principal.getName());
                groups.add(principal.getName());
            }
            if (principal instanceof WLSUserImpl) {
                System.out.println("Found WLS User: " + principal.getName());
                user = principal.getName();
            }
        }
    }


    public String getCurrentUserGroups() {
        String curGroups = "";
        for (String group : groups) {
            curGroups = curGroups + ", " + group;
        }
        return curGroups;
    }

    public String getCurrentUserRoles() {
        ADFContext adfctx = ADFContext.getCurrent();
        String[] roles = adfctx.getSecurityContext().getUserRoles();
        String curRoles = "";
        for (String role : roles) {
            curRoles = curRoles + ", " + role;
        }
        return curRoles;
    }


    public boolean isWlsUserGroup() {
        for (int i = 0; i < groups.size(); i++) {
            if ("users".equalsIgnoreCase(groups.get(i))) {
                return true;
            }
        }
        return false;
    }

    public boolean isContainerUserRole() {
        if (FacesContext.getCurrentInstance().getExternalContext().isUserInRole("valid-users")) {
            return true;
        }
        return false;
    }

    public String getCurrentUser() {
        return user;
    }
}

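3. Run
Log in as sking/welcome1. SecurityContext.getUserRoles() turns out to return both the groups and the roles that sking belongs to, not just the roles, which is somewhat different from what we expected.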
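
Because getUserRoles() mixes group names with role names, a membership test against its raw result can be satisfied by a group. The class below is an added example, not part of the original project: it splits the returned names using the WLS group names that SecurityBean already collects. RoleGroupSplitter, its methods, and the sample names "managers" and "app-staff" are hypothetical, and exact-case name matching is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class RoleGroupSplitter {
    /** Names keep the order in which getUserRoles() returned them. */
    public static final class Split {
        public final List<String> groups = new ArrayList<String>();
        public final List<String> roles = new ArrayList<String>();
    }

    /**
     * @param userRoles value of adfctx.getSecurityContext().getUserRoles()
     * @param wlsGroups names of the WLSGroupImpl principals on the current Subject
     */
    public static Split split(String[] userRoles, Collection<String> wlsGroups) {
        Split result = new Split();
        if (userRoles == null) {
            return result;
        }
        Set<String> groupNames = new HashSet<String>(wlsGroups);
        Set<String> seen = new HashSet<String>();
        for (String name : userRoles) {
            if (name == null || !seen.add(name)) {
                continue; // skip nulls and duplicates
            }
            // A name that is also a group principal is treated as a group.
            // If a role and a group share a name, they cannot be told apart here.
            (groupNames.contains(name) ? result.groups : result.roles).add(name);
        }
        return result;
    }

    /** True only if the name was returned and is not one of the user's groups. */
    public static boolean hasRoleNotGroup(String role, String[] userRoles, Collection<String> wlsGroups) {
        return split(userRoles, wlsGroups).roles.contains(role);
    }

    public static void main(String[] args) {
        // Constructed sample values, not output captured from the application.
        String[] userRoles = { "users", "managers", "app-staff", "users" };
        List<String> wlsGroups = Arrays.asList("users", "managers");
        Split s = split(userRoles, wlsGroups);
        System.out.println("Groups: " + s.groups + "  Roles: " + s.roles);
        System.out.println("users counts as a role? " + hasRoleNotGroup("users", userRoles, wlsGroups));
    }
}
```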


Project download: SecureApplication(getUserRoles).7z
