add a user to a role dinamically doesn't take effect

Norberto_Jarmoluk · October 6, 2011, 5:35pm

Hi guys

I’ve the following problem:

Adding a user to a role by hand, I mean using “Administration->System->User Management->Roles” takes effect, showing the resources allowed in “Permissions Management”, but when I do the same programatically that permissions seems not to take effect.

This is the code I’am using to do that:

String activeDirectoryPath = “/directory/activedirectory/user/cn=” + userID.toLowerCase() + “;cn=users;dc=dpardirectory;dc=com”;

        Boolean tieneRol = false;
        
        List<IDirectoryRole> listRoles = session.getRoleMembership(activeDirectoryPath);
        
        IDirectoryPrincipal roleIDTU = session.lookupPrincipalByName("tu_users", IDirectoryPrincipal.TYPE_ROLE);	        
       
		for (IDirectoryRole aRole : listRoles)
        	if (aRole.getName().contains("tu_users"))
        		tieneRol = true;
        
        if (! tieneRol)
        	session.addPrincipalToRole(activeDirectoryPath, roleIDTU.getID());

After execution, the user is added correctly (It was verified in Administration->System->User Management->Roles), but I’ve permission errors, seems doesn’t take the permissions correctly, very strange.

Need Help

Best regards.

system · October 7, 2011, 12:19am

You’re not quite using the API correctly. Please have a look at this code sample: http://communities.softwareag.com/ecosystem/communities/codesamples/webmethods/caf/SAMPLE-20110727000610463.html

Regards,
–mark

Norberto_Jarmoluk · October 7, 2011, 4:57pm

I’ve made changes but ocurrs the same problem.

Regards

Gerardo_Lisboa · October 7, 2011, 5:36pm

Some questions:

Have you tried having two different sessions opened (one for the user and other for administrator) and verifying if the changes made in the administrator session are immediately available on the user session?
If you list the user’s roles just after the ‘addPrincipalToRole’ call, is the list correct?
Is there a ‘refresh session’ call we can use to force MwMS to update its permissions check?

Have a nice weekend.

Norberto_Jarmoluk · October 7, 2011, 6:05pm

Gerardo:

My answers to:

Yes, the changes are availables.
Yes.
No.

I’ve tried several times in different sessions and the result is the same. Doesn’t seem a session problem. I think its a bug, since the user is added to rol using both ways, but only works fine when its added from admnistration->system …

regards.

Gerardo_Lisboa · October 7, 2011, 6:12pm

So basically, the user isadded to the role, but that is ignored?
If, as an administrator, you remove it from the role and put it back immediately, it works?

And if the user, which I am supposing has no administrator privileges, tries to add himself manually to the role, than it works?

Could it be that function is only validated when the user has administrator rights?

Norberto_Jarmoluk · October 7, 2011, 8:17pm

My answers:

So basically, the user isadded to the role, but that is ignored? Yes, but only when is added with ‘addPrincipalToRole’

And if the user, which I am supposing has no administrator privileges, tries to add himself manually to the role, than it works? No, “manually” was added by an administrator.

Could it be that function is only validated when the user has administrator rights? Supposing you are refering to ‘addPrincipalToRole’, why the user is added to rol?

Regards

system · October 10, 2011, 7:12pm

If you could, could you please attach a sample app that and instructions that shows what you’re trying to do?
Thanks,
–mark

Norberto_Jarmoluk · October 12, 2011, 3:45pm

Hello Mimel:

Basically, the user log-in using a portlet. These portlet receive the userID as a parameter an impersonates using the parameter. Before, I check if the user belongs to tu_users role (see code above). If the user is not part of the role, is added using addPrincipalToRole. I changed the code following your recommendations in the post above. Note that the user was added correctly, it was verified in Administration->System->User Management->Roles.

“tu_users” role has permission to see some options in the left navigation panel. These options can be seen when the role is assigned using Administration->System->User Management->Roles, but I cannot see that options when the role is assigned programatically.

I hope I made myself clear.

Best regards.

system · October 12, 2011, 9:15pm

That’s a nice description.

I’ve attached a project that shows how to listen for login events. When the event is handled i add a user to the role.

To test this i did the following:

Deploy the Portlet App
Create the sample role named: “RoleSampleApp”
Create a start page rule that redirects all users in the “RoleSampleApp” role to a specific page
Logged in as a random user

The correct start page rule triggered which proves that the user belongs to the correct role.
I’m using 8.2 GA

Hope this helps,
–mark
RoleSampleApp.zip (9.76 KB)

Norberto_Jarmoluk · October 13, 2011, 3:34pm

Thx mimel, I’ll take a look.

Regards.

Norberto_Jarmoluk · October 24, 2012, 8:23pm

It was a cache problem. I made a java service to clear it. Regards.


ICacheManager cacheManager = (ICacheManager) PortalSystem.getComponentProvider(IComponentNames.CACHE);
RoleCache roleCache = (RoleCache)cacheManager.getCache(com.webmethods.portal.service.cache.impl.RoleCache.ROLE_CACHE_NAME);
roleCache.flushAll(true);