I have an Primefaces application where using authentication/authorisation throught JAAS running on Tomcat. User roles and secured folders are defined in web.xml. My problem is, that I need to change user roles while he is logged in. Basically, I need when user click on button to add him admin role a let him see pages in /admin folder. I was searching long time to find solution, but without success. I can only see logged user name and check, if he has role by this code:
HttpServletRequest request = (HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest();
request.getUserPrincipal();
request.isUserInRole("admin");
I found one answer that this code should work, but I only get null Subject:
Subject.getSubject(AccessController.getContext());
Is it possible to change user role without need to log in again, and if so, how can I do it?
I fixed it with automatic logout/login the user:
getRequest().logout(); getRequest().login(userName, newPassword);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.