Can anybody help me with a portal security issue?
The question is how to secure different portal instances with different security domains.
For an example I took JBoss demo portal as it is.
Then I have deployed "helloworldportal.war" (mentioned in portal documentation) under "jboss-portal.sar" directory.
Demo portal uses the following security domain (specified in jboss-web.xml file under "portal-server.war"/WEB-INF dir):
For "helloworldportal.war" portal I want to use different security domain.
I have defined "application-policy" in login-config.xml file:
And in the file helloworldportal.war/WEB-INF/jboss-web.xml have specified security domain:
Also for "helloworldportal.war" portal have specified security constraints (in helloworldportal.war/WEB-INF/web.xml file):
Now when I go to url:
nothing happens - my security constraints are ignored.
Could somebody hint what is wrong or how to solve the issue?
Thanks in advance,
your app is accessed via the portal context. Security is checked there. The portal uses a RequestDispatcher to dispatch to your app.
You need to place security constraints into the portal descriptor defining your portal resources. (see examples in the default-object.xml in the core)