3 Replies Latest reply on Sep 29, 2005 9:28 AM by Bradley Smith

    How to authenticate within portlet?

    Marcel Kostal Newbie

      I want to create a portlet that will display a login form with userName and password if the user is not logged in and logged in user if user is logged in.
      The problem I have is that I want to have this portlet on each page, therefore there is no static page (as login.jsp by default) that can be used as login form. I tried to call "j_security_check" within my form (with j_username field and j_password fields) but with no success.

      Does anyone have experience how to do it? Or is there another way how to login the user?

        • 1. Re: How to authenticate within portlet?
          Bradley Smith Master

          I have solved this problem using JBoss Portal - my solution is sketched out here. The basis of the solution is you will need to do 3 things.

          1. Develop your main portal page including login portlet. Create appropriate security constraints in web.xml (require FORM based authentication, etc.) - our 'main' portal page (and portlets) will be
          packaged in .war file and we access it under the context:


          a.) in your web.xml (I modified JBoss's jboss-portal.sar/portal-server.war/WEB-INF/web.xml as I wanted to replace the entire look-and-feel of the portal and apply my security constraints - you can make similar modifications to your own portal web.xml. ), add security constraints for your page:

          <?xml version="1.0"?>
          <!DOCTYPE web-app PUBLIC
           "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
           <realm-name>Odyssey SMF Portal</realm-name>

          b. Sample view.jsp for your login portlet (which use in both your main portal and your login portal) SEE NEXT POST - OUT OF SPACE HERE

          2. Develop a second portal, let's call it /login/*, packaged in its own war - this second portal needs a copy of the page you designed in step 1. and it needs to be created as the default page (in login-portal.xml) for /login/*. We will access (indirectly - described below) using this URL:


          3. Modify your JBoss Portal installation:

          a.) In */jboss-portal.sar/portal-server.war/login.jsp change it to redirect to your login portal (here is my login.jsp)

          <% response.sendRedirect("/portal/login/"); %>

          b.) Create */jboss-portal.sar/portal-server.war/logout.jsp and put this code in it:

          <% session.invalidate();


          • 2. Re: How to authenticate within portlet?
            Bradley Smith Master

            LoginPortlet's view.jsp

            <c:choose> <!-- NOTE MISSING $ !!! - BB BLOWS UP IF I PUT IT HERE -->
            <c:when test="[DOLLAR SIGN HERE]{empty renderRequest.remoteUser}">
            <form method="POST" action="j_security_check" onsubmit="checkLogin(this);">
            <table width="100%" cellpadding="0" cellspacing="0">
             <td align="right" width="100">
             <td align="left">
             <input type="text" name="j_username" value=""/>
             <td align="right" width="100">
             <td align="left">
             <input type="password" name="j_password" value=""/>
             <td colspan="2" align="center">
             <input type="submit" name="login" value=" Login "/>
             <td align="left"><span class="portlet-form-field-label">Logged in as: </span><span>[DOLLAR SIGN HERE]{renderRequest.remoteUser}</span></td>
             <td align="right"><a href="/portal/logout.jsp">Logout</a></td>

            • 3. Re: How to authenticate within portlet?
              Bradley Smith Master

              Another point, here are the contents of my login.war:

              bash-2.05b$ jar tvf login.war
               0 Thu Jul 21 11:48:44 EDT 2005 META-INF/
               398 Thu Jul 21 11:48:42 EDT 2005 META-INF/MANIFEST.MF
               0 Thu Jul 21 11:48:40 EDT 2005 WEB-INF/
               57 Thu Jul 21 11:38:32 EDT 2005 WEB-INF/jboss-app.xml
               440 Thu Jul 21 11:38:12 EDT 2005 WEB-INF/jboss-web.xml
               3771 Thu Jul 21 11:37:44 EDT 2005 WEB-INF/login-portal.xml
               586 Thu Jul 21 11:48:40 EDT 2005 WEB-INF/web.xml

              Note there is no code(or pages) it simply references the portlets deployed in my main portal