[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-2404) WSRP implementation does not executes getUserPrincipal() when the portlet is invoked remotely
Chris Laprun (JIRA)
jira-events at lists.jboss.org
Thu May 28 15:59:59 EDT 2009
[ https://jira.jboss.org/jira/browse/JBPORTAL-2404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12469551#action_12469551 ]
Chris Laprun commented on JBPORTAL-2404:
----------------------------------------
The reason why it currently returns null is because returning anything else that would make sense in a secure context would require support for WS-Security. I could implement something that would return a Principal matching the information provided by the UserContext, however, there wouldn't be any security guarantees usually associated with Principal...
> WSRP implementation does not executes getUserPrincipal() when the portlet is invoked remotely
> ---------------------------------------------------------------------------------------------
>
> Key: JBPORTAL-2404
> URL: https://jira.jboss.org/jira/browse/JBPORTAL-2404
> Project: JBoss Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Portal WSRP
> Affects Versions: 2.7.2 Final
> Environment: Red Hat Enterprise Linux 5
> Reporter: Ricardo Ferreira
> Assignee: Chris Laprun
> Attachments: JBH.ear
>
>
> The JBoss Portal implementation does not executes correctly API invocations related to the principal retrieve from the portlet contêiner. When you executes a local portlet, the API call "HttpServletRequest.getUserPrincipal()" works fine. But when you install this same portlet in a remote portlet container using WSRP, the API call returns "null".
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list