3 Replies Latest reply on Mar 18, 2007 4:48 PM by julien1

    Should portlet and servlet from same web app be able to shar

    mchan_98
    mchan_98 Mar 16, 2007 3:26 PM

      Hi everyone,

      My portlet has a link to a servlet within the same web application. However, since portlet is deployed by the JBoss portal web app and my servlet has its own web context, the user credential is not shared between the two.

      e.g. In my portlet code,
      I have:
      request.getRemoteUser() == "myuserId"

      but in my servlet code,
      request.getRemoteUser() == null

      Note that both the portlet and the servlet are from the same WAR file.

      Here is my portlet link:
      https://www.obeliskfinancial.com/portal/authsec/portal/Sundial/Reporting

      Within the portlet page, I have a link to my servlet in the same war (note the different context path)
      https://www.obeliskfinancial.com/sundial-web/ReportingServlet?designFile=somefile

      Is that an expected behavior or a bug in Jboss? I dig through the JSR 168 spec and cannot find anything. Have anyone experience this?

      environment:

      jboss-portal-2.4.0 [bundle download]
      OS Platform [Redhat Linux/Windows XP]

      Thanks,

      Michael Chan
      Director of Development

      Obelisk Financial
      http://www.obeliskfinancial.com

      • 1251 Views
      • Tags:
        • 1. Re: Should portlet and servlet from same web app be able to
          bdaw
          bdaw Mar 16, 2007 6:52 PM (in response to mchan_98)

          1) This question should go to the user forum....

          2) Yes its the expected behavior. Portlet and Servlet exist in the same web application, so you can for example share session between them (PortletSesion is a wrapper around HttpSession) in application scope. But remember that Portal is also separate web application itself. So when you log in you authenticate against portal web app - not portlet web app. Communication between portal and portlet is done by instrumenting portlet web app with special servlet and context dispatching.

          If you need to validate that user is authenticated, store some kind of token into PortletSession and try to obtain it from HttpSession in your servlet.

            • Actions
          • 2. Re: Should portlet and servlet from same web app be able to
            mchan_98
            mchan_98 Mar 17, 2007 9:40 PM (in response to mchan_98)

            First, Thank you very much for your response. Next, sorry for posting in the wrong forum.

            I have thought of the solution that you have proposed. It's doable, just not as clean, I guess.

            I just think it's kind of strange that the portal web app and portlet web app can share session, but not user's credential . BTW, does the JSR 168 explicitly say that the portal web app and portlet web app cannot share user credential? I tried to search for that but can't.

            Thanks,

            Michael Chan
            Director of Development

            Obelisk Financial
            http://www.obeliskfinancial.com

              • Actions
            • 3. Re: Should portlet and servlet from same web app be able to
              julien1 Mar 18, 2007 4:48 PM (in response to mchan_98)

              the other solution is to enable SSO in tomcat.

                • Actions