[jboss-user] [JBoss Portal] - Custom Tomcat Value Implementation - Dashboard Access Denied
groovenarula
do-not-reply at jboss.com
Wed Dec 26 00:56:59 EST 2007
I'm trying to integrate JBoss Portal with an existing 'Single Sign On' framework that works similar to how Site Minder works. We don't have the option to swap out the framework so we don't have a choice but figure out how to get this to work.
The framework authenticates the user and provides the users identity through a HTTP Header. I am thinking of creating a custom 'Tomcat Value' that will read the user's login name from the HTTP header and then use that to set the 'request's' principal. In order to test this theory, I have the following code that set's the request's principal to 'admin' :
public void invoke(Request request, Response response)
throws IOException, ServletException {
List roles = new ArrayList();
String username = "admin";
roles.add("Authenticated");
roles.add("Admin");
roles.add("User");
request.setUserPrincipal(new CustomPrincipal(
request.getContext().getRealm(), username, roles));
// now execute all other valves
getNext().invoke(request, response);
}
On accessing the portal, the portal does indicate that I've 'Logged in as: admin'. However when I click on the 'Dashboard' link, I get a '403 - Access denied error'.
What am I missing here ? We are in the process of evaluating different portals for our next project and am convinced that JBoss portal will be the right fit for us. So I really need to get this working with our framework.
If I'm using the worng technique and please do let me know that as well. Any help will be truly appreciated.
Thanks
Groove
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4115438#4115438
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4115438
More information about the jboss-user
mailing list