How to get Roles from UserPrincipal in Java?
Solution 1
From your code, you inject the username and the roles into your CustomRequestWrapper in constructor. As you have overriden getUserPrincipal in CustomRequestWrapper it returns no longer a tomcat GenericPrincipal but your anonymous class that only knows to return the name of the user you gave, this via getName(). You should try to return a tomcat GenericPrincipal through
@Override
public Principal getUserPrincipal()
{
if (this.user == null)
{
return realRequest.getUserPrincipal();
}
// return a forged GenericPrincipal
return new GenericPrincipal(user, "", roles);
}
Alternatively, you could create a custom implementation of Principal knowing about roles.
That will only work if you successfully inject your user and its roles at CustomRequestWrapper construction.
Solution 2
The exception you mentioned may be the key to solve your issue
CustomRequestWrapper cannot be cast to GenericPrincipal
You have to cast the Principal object and not the CustomRequestWrapper. Here is a sample method that you can add under your CustomRequestWrapper class and which should return the list of user roles under Tomcat AS. (I assume that this is a messy method):
private String[] getRolePrincipal() {
final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
return genericPrincipal.getRoles();
}
So the final CustomRequestWrapper will be as follows:
public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
{
public CustomRequestWrapper(String User, List<String> roles, HttpServletRequest request)
{
super(request);
this.user = User;
this.roles = roles;
this.realRequest = request;
headerMap = new HashMap();
}
String user;
List<String> roles = null;
HttpServletRequest realRequest;
private Map headerMap;
public void addHeader(String name, String value)
{
headerMap.put(name, new String(value));
}
public Enumeration getHeaderNames()
{
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
for (Enumeration e = request.getHeaderNames(); e.hasMoreElements(); )
{
list.add(e.nextElement().toString());
}
for (Iterator i = headerMap.keySet().iterator(); i.hasNext(); )
{
list.add(i.next());
}
return Collections.enumeration(list);
}
public String getHeader(String name)
{
Object value;
if ((value = headerMap.get("" + name)) != null)
return value.toString();
else
return ((HttpServletRequest) getRequest()).getHeader(name);
}
@Override
public boolean isUserInRole(String role)
{
if (roles == null)
{
return this.realRequest.isUserInRole(role);
}
return roles.contains(role);
}
@Override
public Principal getUserPrincipal()
{
if (this.user == null)
{
return realRequest.getUserPrincipal();
}
// make an anonymous implementation to just return our user
return new Principal()
{
public String getName()
{
return user;
}
};
}
public String[] getRolePrincipal() {
final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
return genericPrincipal.getRoles();
}
}
Nadendla
Updated on June 04, 2022Comments
-
Nadendla almost 2 years
I created a class(Named as CustomRequestWrapper) which is implementing HttpServletRequestWrapper .In CustomRequestWrapper class i am setting user principal.Now in my code i want to get list of roles from the user principal.I tried to use GenericPrincipal Class from tomcat-catalina jar but i am getting casting exception CustomRequestWrapper cannot be cast to GenericPrincipal. Could any one have idea how to get roles from user principal?
Note: I am using Apache Tomcat Server
Here's my code:
public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper { public CustomRequestWrapper(String User,List<String> roles,HttpServletRequest request) { super(request); this.user=User; this.roles=roles; this.realRequest=request; headerMap = new HashMap(); } String user; List<String> roles = null; HttpServletRequest realRequest; private Map headerMap; public void addHeader(String name, String value) { headerMap.put(name, new String(value)); } public Enumeration getHeaderNames() { HttpServletRequest request = (HttpServletRequest) getRequest(); List list = new ArrayList(); for (Enumeration e = request.getHeaderNames(); e.hasMoreElements();) { list.add(e.nextElement().toString()); } for (Iterator i = headerMap.keySet().iterator(); i.hasNext();) { list.add(i.next()); } return Collections.enumeration(list); } public String getHeader(String name) { Object value; if ((value = headerMap.get("" + name)) != null) return value.toString(); else return ((HttpServletRequest) getRequest()).getHeader(name); } @override public boolean isUserInRole(String role) { if (roles == null) { return this.realRequest.isUserInRole(role); } return roles.contains(role); } @override public Principal getUserPrincipal() { if (this.user == null) { return realRequest.getUserPrincipal(); } // make an anonymous implementation to just return our user return new Principal() { public String getName() { return user; } }; }}