2 Replies Latest reply on Jan 21, 2009 2:39 AM by grandboy

    Custom Tomcat Valve Implementation - Dashboard Access Denied

    groovenarula

      I'm trying to integrate JBoss Portal with an existing 'Single Sign On' framework that works similarly to how SiteMinder works. We don't have the option to swap out the framework, so we don't have a choice but to figure out how to get this to work.

      The framework authenticates the user and provides the user's identity through an HTTP header. I am thinking of creating a custom 'Tomcat Valve' that will read the user's login name from the HTTP header and then use that to set the 'request's' principal. In order to test this theory, I have the following code that sets the request's principal to 'admin':

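      import java.io.IOException;
      import java.util.ArrayList;
      import java.util.List;
      import javax.servlet.ServletException;
      import org.apache.catalina.connector.Request;
      import org.apache.catalina.connector.Response;
      import org.apache.catalina.valves.ValveBase;

      // Class name is illustrative; CustomPrincipal is the poster's class and is not shown.
      public class CustomValve extends ValveBase {
          public void invoke(Request request, Response response)
                  throws IOException, ServletException {
              // Test only: identity and roles are hard-coded rather than read from the header
              List<String> roles = new ArrayList<String>();
              String username = "admin";

              roles.add("Authenticated");
              roles.add("Admin");
              roles.add("User");

              request.setUserPrincipal(new CustomPrincipal(
                      request.getContext().getRealm(), username, roles));

              // now execute all other valves
              getNext().invoke(request, response);
          }
      }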

      On accessing the portal, the portal does indicate that I've 'Logged in as: admin'. However when I click on the 'Dashboard' link, I get a '403 - Access denied error'.

      What am I missing here? We are in the process of evaluating different portals for our next project and I am convinced that JBoss Portal will be the right fit for us. So I really need to get this working with our framework.

      If I'm using the wrong technique, please do let me know that as well. Any help will be truly appreciated.

      Thanks
      Groove
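
An added example, not part of the original post: the valve described above reading the login name from the SSO header, and accepting that header only when the request arrives from the SSO gateway's address, because a header is only as trustworthy as whoever was able to set it. The class name, header name and gateway address are assumptions; `CustomPrincipal` is the poster's own class, used with the constructor shown in the post.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Added example. SsoHeaderValve, X-SSO-USER and 10.0.0.5 are hypothetical values;
// CustomPrincipal is the poster's class (constructor as used in the post).
public class SsoHeaderValve extends ValveBase {

    private static final String USER_HEADER = "X-SSO-USER";       // assumed header name
    private static final Set<String> TRUSTED_GATEWAYS =
            new HashSet<String>(Arrays.asList("10.0.0.5"));       // constructed sample address

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {

        String username = request.getHeader(USER_HEADER);

        if (username == null || username.trim().isEmpty()) {
            // No identity asserted: pass the request on without a principal.
            getNext().invoke(request, response);
            return;
        }

        // Accept the identity header only from the SSO gateway. A request that
        // carries the header but comes from anywhere else is rejected outright.
        if (!TRUSTED_GATEWAYS.contains(request.getRemoteAddr())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Role names here are a placeholder; real roles would come from the
        // deployment's identity store, not from the valve.
        List<String> roles = Arrays.asList("Authenticated");
        request.setUserPrincipal(new CustomPrincipal(
                request.getContext().getRealm(), username.trim(), roles));

        // Continue with the remaining valves in the pipeline.
        getNext().invoke(request, response);
    }
}
```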