Globally, you need to provide a transaction to the UserModule.

more detail :
the UserModule uses hibernate to query the database about the user.
it will do so inside a JTA transaction, for all the advantages of using transactions with database processing.

but, the user module does not build it's own transaction.
it must be provided by the container.

the container provide the transaction to any instance who ask for it.
This is usually done by injection.

in the portlets, the injection of the transaction is done by adding the "transaction required" element in the portlet descriptor. This is in the jboss-portlet.xml description file.
you can see this in the jboss-portlet.xml that is in the identity module (see the identity sar)

in your servlet, there is no (not yet) the transaction injection, for the user module.

you have to tell that your servlet processing needs a transaction.

that's where I am not sure anymore : I don't know much about the servlet.

but I guess that with some annotation, you should get this transaction injected on the servlet methods etc...

search in the web about : transaction injection servlet tomcat etc...

look also about the transaction manager of jboss : may be also possible to call it by jndi and get the current transaction for the current thread etc...

look also at hibernate / transaction / injection etc...

hope this help for a start

I don't know exactly, but I would not do like that.

I don't think that using a identitySessionFactory.openSession() is the proper way.

1) did you search the forum post before you posted your question ?
I am quite sure there is some post about this kind of things.

2) to be able to know if the user is registered or not, you can use the security feature and not the directly rebuild it with the user module, etc...
The getPrincipal() method of the servlet request is for that.
may be it is not enough for what you need ?

3) look at how the portlet servlet get the transaction, when the descriptor tells to the container to inject one.
any portlet is also in a servlet : so the way it get the transaction is the best example to do it...

ok, the other post say it is ok to do it this way.
so why not.

but for your need, yes, getting the principal from the security checking is enough...
you don't need to reproduce the password checking etc....

get the principal :
you can get the principal from the portlet request...

and also from the servlet request...

so, yes, you can get it from your servlet, even if out of any portlet or so.

in fact, the JBoss Portal relies on JAAS/Tomcat integration for setting up the Portal security.

the JAAS/Tomcat make the security authentification, then provide the principal to any servlet running under the security domain.

the principal is the same for the portlet and the servlet (read the JSR-168 about that).

look a HTTPServletRequest and the getPrincipal() method.

and how to use it to know if the user is logged in etc....

(I will be out of office for a while...)

bad idea....
(by the way, just a question : if you encounter a problem with the database, will you try to directly read the db file and decrypt it to get your info ?... just joking to try make you relax a little... and not go further in what I think is a wrong direction)

well, what I would recommend is :
- use the clean way : with the getPrincipal() from the servlet request
- but for this, I guess you have to read some doc about all this... to understand what's going on in the security process, and how to use it in your servlet.

you will make a real stable code and application,... and learn a lot about all this... for the next needs...

a few things to read that will be helpfull (if you have not read it yet... ;-) :
- the jsr-168 doc : look for the things about portlets and servlets "relation". (search for servlet word in the doc). this is really worthwhile.
- the portal documentation about login, security, the use of JAAS and Tomcat
- search the servelt api for things about the getPrincipal() method, on the servlet request.

***************************
by the way, in your servlet, the getPrincipal() will return you a java principal, that is the one of the user logged in the portlet... only if the servlet is registered under the same tomcat security domains than the portlet.
I mean : the serlet can tell you if the portal user is logged, only if it is registered under the same security domain, with the portal.
Did you check this ?

about this : read about Tomcat and JAAS authentication process.
and look at how this is defined in the web.xml that define the portal main servlet.
basicaly, you may copy the configuration of the the portal main servlet, into the war of your servlet.

the file to look at are :
...\deploy\jboss-portal.sar\portal-server.war\WEB-INF\jboss-web.xml
...\deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml
...\deploy\jboss-portal.sar\conf\login-config.xml (but this one should not be usefull...)

hope it helps...

yes...
when you ask for the current transaction, it uses a static method of a special class to get the singleton transaction that is currently on.

if you have some hibernate jar in your project, ... then you have two classes loaded, in two class loader.
the one in jboss, and the one in the "webapp local class loader".

the jboss has an active transaction in the singleton, because it started it (that's it's job)
but the webapp local class loader has none.


good to hear you solved it.

Hello,

I used the code which you had given in my portlet. But it showing error as portal not bound.

I am new to JBOSS, Can you please help me that in order to run the above code.

Should i change any configuration xml files in JBOSS. Please help me out.

at initial context the error is poinitng to.

Thanks & Regards,

Ashwini