-
1. Re: Problem with new PortalIdentity and Roles
vojeda Apr 16, 2008 2:00 PM (in response to antoine_h)Hi Antoine,
in my components.xml I hava<security:identity authenticate-method="#{authenticator.authenticate}"/>
and in my Authenticator bean@SuppressWarnings("unchecked") public boolean authenticate() { String queryStr = "SELECT u FROM UserLogin u " + "WHERE u.userName=#{identity.username} AND u.userPassword=#{identity.password}"; System.out.println("QUERYSTR --> " + queryStr + " <--"); List results = em.createQuery(queryStr).getResultList(); if (results.size()==0 ) { return false; } else { user = (UserLogin) results.get(0); return true; } }
what is the normal way to do an authentification. However, with the new PortalIdentity this method is never called. I think this is logical because the portal already has done the process but the question is: how to assign the application roles? Nice if it can bring the portal roles, too :-)
Thanks,
Victor -
2. Re: Problem with new PortalIdentity and Roles
bdaw Apr 17, 2008 9:54 AM (in response to antoine_h)What behaviour do you actually expect?. If you decide to use portal authentication (so portal user base) why do you want to double authentication? If you just want to add more roles why not adding them in portal or using portal API? What is your usecase? btw. the sso integration is just one class:
http://anonsvn.jboss.org/repos/portletbridge/trunk/extensions/seam/identity/src/main/java/org/jboss/portletbridge/extension/seam/PortalIdentity.java
so you can easily extend it. -
3. Re: Problem with new PortalIdentity and Roles
vojeda Apr 17, 2008 10:18 AM (in response to antoine_h)Hi,
I think that my English is not good enough (sorry, I'm from Paraguay) because I don't want double authentification. I just want a way to add application roles (they can be portal roles) to my application in order to use thes:hasRole
construction. I doesn't work with the portal roles. Then, I need to assign the roles to the Identity (or PortalIdentity in this new case)
Regards,
Victor -
4. Re: Problem with new PortalIdentity and Roles
bdaw Apr 17, 2008 10:29 AM (in response to antoine_h)ok... I think I know whats your problem is then :) To be able to check membership against portal roles you need to do a proper role mapping in portlet.xml
<security-role-ref> <role-name>role_name</role-name> <role-link>role_name</role-link> </security-role-ref>
Then isUserInRole() - the one that is used in Identity.hasRole() will return proper stuff. You can also map your own role names to portal ones. Look at the security chapter in the portlet spec. -
5. Re: Problem with new PortalIdentity and Roles
vojeda Apr 20, 2008 2:27 AM (in response to antoine_h)No luck. I put
<security-role-ref> <role-name>myrole</role-name> <role-link>myrole</role-link> </security-role-ref>
in portlet.xml without success. After that I also put<security-role> <role-name>myrole</role-name> </security-role>
in web.xml but always PortalIdentity.hasRole("myrole") returns false ):
Any other suggestion?
By the way, who was the "wise mind" that thought that declarative roles was the best option? I think that roles are dynamic and don't have to be linked to deployment time as is the case if you use portlet.xml, web.xml and so on. What if you define a new role? Have you to redeploy the portlet after the changes?
Regards,
Victor -
6. Re: Problem with new PortalIdentity and Roles
jimjxr Apr 24, 2008 12:28 PM (in response to antoine_h)security-role-ref is the right way to go, you just need to make sure the role name inside <role-link> is a role declared in portal's role management, and the user is assigned to this role in portal's user management. (This declartion because useful if your portlet is deployed to different portals which uses different role names for a particular role you used in portlet)