[jboss-user] [JBoss Portal] - Re: Access userPrincipal from Servlet

[Antoine_h]

I look at the CMSExportServlet in the jboss portal sources. It does not enforce security... so it is a bad track. sorry.

where is your servlet ?
calling the jndi service for the subject works with the filter put in web.xml of the portal-server.war.
This web app is the context where the sercurity domain is defined.
so if not in this context, then that is why the subject is not found 
sounds logical if there are none defined in your web app, no ?
I am not sure, but sound logical...

I am not good enough at tomcat, security realm, domains, etc... 
but I guess you can manage to set your web app to share the same authentification "domain" as the one of the portal, ie the one of portal-server.war

or look at jboss security ref guide, and how to secure a web app.
they explain how to set it in a web app, and compare with the portal-server.war web app.

hope it helps...


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4037934#4037934

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4037934