[jboss-user] [JBoss Portal] - Sharing portal security realm with a servlet

engela do-not-reply at jboss.com
Fri Mar 30 05:50:08 EDT 2007


I have a servlet MyServlet which is deployed in the same war file as a portlet MyPortlet.

The view of MyPortlet references the MyServlet  to generate some content:

<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet" %>
  | <%@ page isELIgnored="false" %>
  | <portlet:defineObjects/>
  | <table width="100%" cellpadding="2" border="0">
  | <tr>
  |    <td class="portlet-section-body" >
  |      MyPortlet
  |    </td>
  | </tr>
  | <tr>
  |    <td class="portlet-section-body" >
  |      <img src="<%= request.getContextPath() %>/MyPortlet" />
  |    </td>
  | </tr>
  | </table>

Is it possible for the servlet to share the same security realm i.e. so that the 
request.getRemoteUser();
  | request.getPrinicipal() ;
return the current user and 
request.isUserInRole("MyUser") ;
returns true?

I declared the role "MyUser" in the web.xml:

<web-app>
  |    <servlet>
  |       <servlet-name>MyPortlet</servlet-name>
  |       <display-name>MyPortlet</display-name>
  |       <servlet-class>MyPortlet</servlet-class>
  |    </servlet>
  |    
  |    <servlet-mapping>
  |       <servlet-name>MyPortlet</servlet-name>
  |       <url-pattern>/MyPortlet</url-pattern>
  |    </servlet-mapping>
  |    
  |       <security-role>
  |         <role-name>MyUser</role-name>
  |      </security-role>
  |   </web-app>

Additionally I have added the jboss-web.xml  file to the WEB-INF directory and added the line:

<jboss-web>
  |    <security-domain>java:jaas/portal</security-domain>
  | </jboss-web>

This doesn't seem to do the trick? Am I missing something or can servlet not share the security realm of the portal?a 

(The servlet should be only accessible to authenticated users i.e. I quite like to add some security constraint to the web.xml for the servlet)

Thanks,

Anette

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033073#4033073

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033073



More information about the jboss-user mailing list