[jboss-user] [JBoss Portal] - Re: Servlet calling java:portal/UserModule

Antoine_h do-not-reply at jboss.com
Sat Mar 22 03:28:52 EDT 2008 

bad idea....
(by the way, just a question : if you encounter a problem with the database, will you try to directly read the db file and decrypt it to get your info ?... just joking to try make you relax a little... and not go further in what I think is a wrong direction)

well, what I would recommend is :
 - use the clean way : with the getPrincipal() from the servlet request
 - but for this, I guess you have to read some doc about all this... to understand what's going on in the security process, and how to use it in your servlet.

you will make a real stable code and application,... and learn a lot about all this... for the next needs...

a few things to read that will be helpfull (if you have not read it yet... ;-) : 
 - the jsr-168 doc : look for the things about portlets and servlets "relation". (search for servlet word in the doc). this is really worthwhile.
 - the portal documentation about login, security, the use of JAAS and Tomcat
 - search the servelt api for things about the getPrincipal() method, on the servlet request.

***************************
by the way, in your servlet, the getPrincipal() will return you a java principal, that is the one of the user logged in the portlet... only if the servlet is registered under the same tomcat security domains than the portlet.
I mean : the serlet can tell you if the portal user is logged, only if it is registered under the same security domain, with the portal.
Did you check this ?

about this : read about Tomcat and JAAS authentication process.
and look at how this is defined in the web.xml that define the portal main servlet.
basicaly, you may copy the configuration of the the portal main servlet, into the war of your servlet.

the file to look at  are :
...\deploy\jboss-portal.sar\portal-server.war\WEB-INF\jboss-web.xml
...\deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml
...\deploy\jboss-portal.sar\conf\login-config.xml (but this one should not be usefull...)

hope it helps...






View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4138397#4138397

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4138397

More information about the jboss-user mailing list