3 Replies Latest reply on Sep 29, 2005 9:28 AM by Bradley Smith

    How to authenticate within portlet?

    Marcel Kostal Newbie

      I want to create a portlet that will display a login form with userName and password if the user is not logged in and logged in user if user is logged in.
      The problem I have is that I want to have this portlet on each page, therefore there is no static page (as login.jsp by default) that can be used as login form. I tried to call "j_security_check" within my form (with j_username field and j_password fields) but with no success.

      Does anyone have experience how to do it? Or is there another way how to login the user?

        • 1. Re: How to authenticate within portlet?
          Bradley Smith Master

          I have solved this problem using JBoss Portal - my solution is sketched out here. The basis of the solution is you will need to do 3 things.

          1. Develop your main portal page including login portlet. Create appropriate security constraints in web.xml (require FORM based authentication, etc.) - our 'main' portal page (and portlets) will be
          packaged in .war file and we access it under the context:

          http://myserver:myport/portal/myportal/index.html

          a.) in your web.xml (I modified JBoss's jboss-portal.sar/portal-server.war/WEB-INF/web.xml as I wanted to replace the entire look-and-feel of the portal and apply my security constraints - you can make similar modifications to your own portal web.xml. ), add security constraints for your page:

          <?xml version="1.0"?>
          <!DOCTYPE web-app PUBLIC
           "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
           "http://java.sun.com/dtd/web-app_2_3.dtd">
          <web-app>
          
           ....
          
           <security-constraint>
           <web-resource-collection>
           <web-resource-name>Authenticated</web-resource-name>
           <description></description>
           <url-pattern>/myportal/*</url-pattern>
           </web-resource-collection>
           <auth-constraint>
           <role-name>Authenticated</role-name>
           </auth-constraint>
           </security-constraint>
          
           ...
          
           <login-config>
           <auth-method>FORM</auth-method>
           <realm-name>Odyssey SMF Portal</realm-name>
           <form-login-config>
           <form-login-page>/login.jsp</form-login-page>
           <form-error-page>/login.jsp</form-error-page>
           </form-login-config>
           </login-config>
          
           <security-role>
           <role-name>Authenticated</role-name>
           </security-role>
          
          </webapp>
          
          


          b. Sample view.jsp for your login portlet (which use in both your main portal and your login portal) SEE NEXT POST - OUT OF SPACE HERE

          2. Develop a second portal, let's call it /login/*, packaged in its own war - this second portal needs a copy of the page you designed in step 1. and it needs to be created as the default page (in login-portal.xml) for /login/*. We will access (indirectly - described below) using this URL:

          http://myserver:myport/portal/login/


          3. Modify your JBoss Portal installation:

          a.) In */jboss-portal.sar/portal-server.war/login.jsp change it to redirect to your login portal (here is my login.jsp)

          <% response.sendRedirect("/portal/login/"); %>


          b.) Create */jboss-portal.sar/portal-server.war/logout.jsp and put this code in it:

          <% session.invalidate();
           response.sendRedirect("/portal/myportal/");
          %>
          


          NOTE:

          • 2. Re: How to authenticate within portlet?
            Bradley Smith Master

            LoginPortlet's view.jsp

            ....
            <portlet:defineObjects/>
            <c:choose> <!-- NOTE MISSING $ !!! - BB BLOWS UP IF I PUT IT HERE -->
            <c:when test="[DOLLAR SIGN HERE]{empty renderRequest.remoteUser}">
            <form method="POST" action="j_security_check" onsubmit="checkLogin(this);">
             <b>Login</b><br/><br/>
            <table width="100%" cellpadding="0" cellspacing="0">
             <tr>
             <td align="right" width="100">
             Username:
             </td>
             <td align="left">
             <input type="text" name="j_username" value=""/>
             </td>
             </tr>
             <tr>
             <td align="right" width="100">
             Password:
             </td>
             <td align="left">
             <input type="password" name="j_password" value=""/>
             </td>
             </tr>
             <tr>
             <td colspan="2" align="center">
             <input type="submit" name="login" value=" Login "/>
             </td>
             </tr>
            </table>
            </form>
             </td>
            </tr>
            </c:when>
            <c:otherwise>
            <tr>
             <td align="left"><span class="portlet-form-field-label">Logged in as: </span><span>[DOLLAR SIGN HERE]{renderRequest.remoteUser}</span></td>
             <td align="right"><a href="/portal/logout.jsp">Logout</a></td>
            </tr>
            </c:otherwise>
            </c:choose>
            


            • 3. Re: How to authenticate within portlet?
              Bradley Smith Master

              Another point, here are the contents of my login.war:


              bash-2.05b$ jar tvf login.war
              
               0 Thu Jul 21 11:48:44 EDT 2005 META-INF/
               398 Thu Jul 21 11:48:42 EDT 2005 META-INF/MANIFEST.MF
               0 Thu Jul 21 11:48:40 EDT 2005 WEB-INF/
               57 Thu Jul 21 11:38:32 EDT 2005 WEB-INF/jboss-app.xml
               440 Thu Jul 21 11:38:12 EDT 2005 WEB-INF/jboss-web.xml
               3771 Thu Jul 21 11:37:44 EDT 2005 WEB-INF/login-portal.xml
               586 Thu Jul 21 11:48:40 EDT 2005 WEB-INF/web.xml
              


              Note there is no code(or pages) it simply references the portlets deployed in my main portal