I convert a project from "form" submit based to dwr (ajax) submit. both work fine together.
At the top security(login, portlet access) level i will use jboss.
Like in any project :-) some actions must be valid only to some users. Since dwr is just servet, i must check user right here too.
From the dwr servlet i succesfully have access to user and role module, but to know who is logged in, the only solution I found so far is by storing the user name into a session attribute.
in portlet with admin/secure op :
// somewhere in the doView String ruser = request.getRemoteUser(); if (ruser != null) { PortletSession sss = request.getPortletSession(true); if (sss != null) { sss.setAttribute("ruser", ruser, PortletSession.APPLICATION_SCOPE); } }
WebContext ctx = WebContextFactory.get(); HttpServletRequest req = ctx.getHttpServletRequest(); HttpSession sss = req.getSession(false); if (sss != null) { String ruser = (String)sss.getAttribute("ruser"); if( ruser !=null ){ // user auth // now check againt jboss through role module etc..... } }