Is it possible to inject the user and role information from an external authentication engine through HTTP headers? I want to somehow configure the portal to blindly use the user/role that are being passed as HTTP headers in the first request.
From what I have been reading so far, I believe it's possible to write a custom login module and override validatePassword method to not verify the password in portal's data source. But I am not sure how I can make the portal blindly use the user/role strings in the HTTP header of the incoming request?
JBoss Portal uses the servlet container authentication mechanisms, so you if you are able to do that using a normal servlet then you could apply to the the PortalServlet configured in jboss-portal.sar/portal-server.war