Problem: Asserting an un-authenticated principal Resolution: Product: BES 5.1 Component: Security It is possible to take a string representing a userid and create a wallet, bypass the authentication statement below and create a principal to assert the identity: IdentityWallet wallet = new IdentityWallet(userName, password.toCharArray(), AUTHENTICATION_REALM); try { Principal userPrincipal = securityContext().authenticate(wallet); securityCurrent().assert (userPrincipal); } Note: import_wallet method will imports an identity into the system. This DOES NOT authenticate the user represented by the given wallet, but returns a principal representing the user.You can make use of the import_wallet method to perform the above described operation. As regarding to the password, it might be advisable to put an empty string instead of null to avoid the NullPointerException . However, the resulted principal object should not have any groups associated with it, you all needed is to cast it to com.borland.security.provider.VisiPrincipal then use the setMultivaluedAttribute method to set the group permissions. Old KB# 15511
↧