[JBoss Portal] - Sharing portal security realm with a servlet
by engela
I have a servlet MyServlet which is deployed in the same war file as a portlet MyPortlet.
The view of MyPortlet references the MyServlet to generate some content:
<%@ taglib uri="http://java.sun.com/portlet" prefix="portlet" %>
| <%@ page isELIgnored="false" %>
| <portlet:defineObjects/>
| <table width="100%" cellpadding="2" border="0">
| <tr>
| <td class="portlet-section-body" >
| MyPortlet
| </td>
| </tr>
| <tr>
| <td class="portlet-section-body" >
| <img src="<%= request.getContextPath() %>/MyPortlet" />
| </td>
| </tr>
| </table>
Is it possible for the servlet to share the same security realm i.e. so that the
request.getRemoteUser();
| request.getPrinicipal() ;
return the current user and
request.isUserInRole("MyUser") ;
returns true?
I declared the role "MyUser" in the web.xml:
<web-app>
| <servlet>
| <servlet-name>MyPortlet</servlet-name>
| <display-name>MyPortlet</display-name>
| <servlet-class>MyPortlet</servlet-class>
| </servlet>
|
| <servlet-mapping>
| <servlet-name>MyPortlet</servlet-name>
| <url-pattern>/MyPortlet</url-pattern>
| </servlet-mapping>
|
| <security-role>
| <role-name>MyUser</role-name>
| </security-role>
| </web-app>
Additionally I have added the jboss-web.xml file to the WEB-INF directory and added the line:
<jboss-web>
| <security-domain>java:jaas/portal</security-domain>
| </jboss-web>
This doesn't seem to do the trick? Am I missing something or can servlet not share the security realm of the portal?a
(The servlet should be only accessible to authenticated users i.e. I quite like to add some security constraint to the web.xml for the servlet)
Thanks,
Anette
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033073#4033073
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033073
17Â years, 9Â months