Over a million developers have joined DZone.

LifeRay & JSf : How to get current logged User ?

· Java Zone

Check out this 8-step guide to see how you can increase your productivity by skipping slow application redeploys and by implementing application profiling, as you code! Brought to you in partnership with ZeroTurnaround.

I try here to show how can we detect current signed user, his name, his id and his attributed permissions.

First of all I create the following interface IPermissionChecker

package com.jTunisie.security;

import com.jTunisie.exception.PermissionException;

public interface IPermissionChecker {

String getUserId() throws PermissionException;

String getName() throws PermissionException;

boolean hasPermission(String permission) throws PermissionException;
}
An implementation for this class is PermissionCheckerImpl under com.jTunisie.security.permission.liferay package. This will help me to change implementation from one portal to an other.

 

package com.jTunisie.security.permission.liferay;

import com.jTunisie.security.IPermissionChecker;
import com.liferay.portal.PortalException;
import com.liferay.portal.SystemException;
import com.liferay.portal.kernel.util.WebKeys;
import com.liferay.portal.model.Role;
import com.liferay.portal.service.RoleServiceUtil;
import com.liferay.portal.theme.ThemeDisplay;
import com.jTunisie.exception.PermissionException;
import java.rmi.RemoteException;
import java.util.List;
import java.util.logging.Logger;
import javax.faces.context.FacesContext;


public class PermissionCheckerImpl implements IPermissionChecker {

private static Logger logger = Logger.getLogger(PermissionCheckerImpl.class.getName());

public String getUserId() throws NullPointerException {
String userId = null;
try {
userId = getUser().getLogin();
} catch (Exception ex) {
logger.severe(ex.getMessage());
throw new NullPointerException(ex.getMessage());
}
return userId;
}

public String getName() throws PermissionException {

String name = null;
try {
name = getUser().getFullName();
} catch (Exception ex) {
logger.severe(ex.getMessage());
throw new PermissionException(ex.getMessage());
}
return name;
}

public boolean hasPermission(String permission) throws PermissionException {
try {
List<Role> roles = RoleServiceUtil.getUserRoles(getUser().getUserId());

for (Role role : roles) {
if (role.getName().equalsIgnoreCase(permission)) {
return true;
}
}
return false;
} catch (PortalException ex) {
logger.severe(ex.getMessage());
throw new PermissionException(ex.getMessage());
} catch (SystemException ex) {
logger.severe(ex.getMessage());
throw new PermissionException(ex.getMessage());
} catch (RemoteException ex) {
logger.severe(ex.getMessage());
throw new PermissionException(ex.getMessage());
}

}

private User getUser() {
return ((ThemeDisplay) FacesContext.getCurrentInstance().getExternalContext().getRequestMap().get(WebKeys.THEME_DISPLAY)).getUser();
}
}

And I declare this interface on one of my JSF session beans (here SessionBean1 as I use Netbeans 6 by default) :

  private IPermissionChecker permissionChecker;

public IPermissionChecker getPermissionChecker() {
return permissionChecker;
}

public void setPermissionChecker(IPermissionChecker permissionChecker) {
this.permissionChecker = permissionChecker;
}

Finally, I use IoC provided by JSF to inject my implementation. Here a snipped code from faces config.xml :

   <managed-bean>
<managed-bean-name>SessionBean1</managed-bean-name>
<managed-bean-class>com.jTunisie.SessionBean1</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
<managed-property>
<property-name>permissionChecker</property-name>
<value>#{LifeRayPermissionChecker}</value>
</managed-property>
</managed-bean>
<managed-bean>
<managed-bean-name>LifeRayPermissionChecker</managed-bean-name>
<managed-bean-class>com.jTunisie.security.permission.liferay.PermissionCheckerImpl</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>

I tried to use JSR 168 for this purpose but I can't cast PortletRequest to HttpservletRequest. Any idea will be helpful.

 

The Java Zone is brought to you in partnership with ZeroTurnaround. Check out this 8-step guide to see how you can increase your productivity by skipping slow application redeploys and by implementing application profiling, as you code!

Topics:

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}