[jboss-user] [JBoss Portal] - Re: CMSException(Access denied) for pdf or doc content

briankous do-not-reply at jboss.com
Fri Aug 21 19:15:16 EDT 2009

I found that user is saved in session, but not the roles. Therefore, I changed the viewfile.jsp and pending_items.jsp so that roles are saved in the session. 
I also changed the CMSPreviewServlet so that it retrieves the roles from the session and put it in JCRCMS object. Now it is working fine. The changed codes are as follows. 

Following are added to the jsp's. 

Set roles = new HashSet(); 

// Get the current authenticated subject through the JACC contract 
Subject subject = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container"); 

if (subject != null) 
Set tmp = subject.getPrincipals(JACCPortalPrincipal.class); 
JACCPortalPrincipal pp = null; 
for (Iterator k = tmp.iterator(); k.hasNext();) 
pp = (JACCPortalPrincipal) k.next(); 
if (pp != null) 
if (pp == null) 
pp = new JACCPortalPrincipal(subject); 

// Lazy create all the permission containers for the given role names 
for (Iterator k = pp.getRoles().iterator(); k.hasNext();) 
Principal role = (Principal) k.next(); 
request.getSession().setAttribute("remoteRoles", roles); 

Following were added to CMSPreviewServlet 

Set roles = (Set)request.getSession().getAttribute("remoteRoles"); 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4250977#4250977

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4250977

More information about the jboss-user mailing list