使用SecurityContext.getUserRoles()获取用户的角色和组信息

运行环境：JDeveloper 11.1.2.4.0 + Oracle Database 11gR2 Express Edition。

本实验的目的是比较Container Security和ADF Security API，本实验基于《为ADF
Web应用增加安全》。

1. 在products.jsf中增加如下代码：

<af:inputText label="User" id="it1" value="#{securityBean.currentUser}"/>

<af:inputText label="Groups" id="it2" value="#{securityBean.currentUserGroups}"/>

<af:inputText label="Roles" id="it3" value="#{securityBean.currentUserRoles}"/>

<af:inputText label="Belong To WLS Group: users ?" id="it4" value="Got the users role from weblogic"

rendered="#{securityBean.wlsUserGroup}" columns="80"/>

<af:inputText label="Belong To WLS Role: valid-users" id="it5" value="Got the valid-users mapped by weblogic.xml"

rendered="#{securityBean.containerUserRole}" columns="80"/>

2. 对应的SecurityBean.java代码如下：

package view;

import java.security.Principal;

import java.util.ArrayList;

import java.util.Set;

import javax.faces.context.FacesContext;

import javax.security.auth.Subject;

import oracle.adf.share.ADFContext;

import weblogic.security.Security;

import weblogic.security.SubjectUtils;

import weblogic.security.principal.WLSGroupImpl;

import weblogic.security.principal.WLSUserImpl;

public class SecurityBean {

private String user = null;

private ArrayList groups = new ArrayList();

public SecurityBean() {

Subject subject = Security.getCurrentSubject();

Set allPrincipals = subject.getPrincipals();

for (Principal principal : allPrincipals) {

if (principal instanceof WLSGroupImpl) {

System.out.println("Found WLS Group: " + principal.getName());

groups.add(principal.getName());

}

if (principal instanceof WLSUserImpl) {

System.out.println("Found WLS User: " + principal.getName());

user = principal.getName();

}

}

}

public String getCurrentUserGroups() {

String curGroups = "";

for (String group : groups) {

curGroups = curGroups + ", " + group;

}

return curGroups;

}

public String getCurrentUserRoles() {

ADFContext adfctx = ADFContext.getCurrent();

String[] roles = adfctx.getSecurityContext().getUserRoles();

String curRoles = "";

for (String role : roles) {

curRoles = curRoles + ", " + role;

}

return curRoles;

}

public boolean isWlsUserGroup() {

for (int i = 0; i < groups.size(); i++) {

if ("users".equalsIgnoreCase(groups.get(i))) {

return true;

}

}

return false;

}

public boolean isContainerUserRole() {

if (FacesContext.getCurrentInstance().getExternalContext().isUserInRole("valid-users")) {

return true;

}

return false;

}

public String getCurrentUser() {

return user;

}

}

3. 运行

使用sking/welcome1登录，发现SecurityContext.getUserRoles()返回的是sking所属的组和角色信息，而不只是角色信息，这一点和我们想的有些出入。





Project 下载：SecureApplication(getUserRoles).7z

参考文献：

1. http://blog.whitehorses.nl/2010/01/29/weblogic-web-application-container-security-part-1/
2. http://blog.whitehorses.nl/2010/02/01/weblogic-web-application-container-security-part-2-adf-security/ http://maping930883.blogspot.com/2012/05/adf128securitycontextgetuserroles.html