2 Replies Latest reply on Feb 8, 2007 3:53 AM by manuelpalacio

    Showing a secured page when user is logged in

    Reinhard Kiesswetter Newbie

      Hi everybody,

      We am working on a completly new portal.
      We use JBOSS AS 4.0.4 and JBOSS Portal 2.4.

      In the default-object.xml we define a couple of pages including one "Admin" page. This page is secured with a security-constraint (see code below).

      Via an self written login portlet we populate our user with principals and roles (eighter from LDAP Servers or a relational database).

      As we log in as admin and the user has the role "Admin" i hoped the page with the security-contraint would be display, but it is not!!

      Am I missing something? I read throug this forum, the wiki and the adminguide and did not find a solution for this problem.

      Some hint would be nice
      thx rkiesi

      Here the code form the default-object.xml
      Code:

      <deployment>
       <if-exists>keep</if-exists>
       <parent-ref>default</parent-ref>
       <page>
       <page-name>Admin</page-name>
       <security-constraint>
       <policy-permission>
       <role-name>Admin</role-name>
       <action-name>viewrecursive</action-name>
       </policy-permission>
       </security-constraint>
       </page>
       </deployment>
      





      and the principals and roles of the user after login
      Principals for user admin: admin***Roles(members:Admin)***

        • 1. Re: Showing a secured page when user is logged in
          David Roberts Apprentice

          Did you solve this? I am having a similair issue. Pity no one has replied to your post. Hopefully someone can help me.

          I have setup portal 2.4.1 to use LDAP authentication. However, it only authenticates with LDAP and allows access to portal. It doesn't pull in any user information from LDAP. So I have to create a local user in portal. But now when I assign that local user security rights to certain pages, and then login with the username and "ldap" password, it authenticates correctly, but the logged in user cannot see the pages I gave him rights to. However, If I login with the same user, but dont use my "ldap" password, and use the "local" portal password instead for that same user, I can login and then see the pages that I gave him security rights to. I need to be able to use the "ldap" password to login for every user, not the "local" password.

          So basically it seems that if I use the local jboss password for user "bob", it uses the security rights setup for "bob". But if I use the ldap password for user "bob", it treats the login as a different user or something, and all security rights are missing and I cant see his pages.

          Any help please?

          • 2. Re: Showing a secured page when user is logged in
            manuelpalacio Newbie

            To solve a similar problem I created my own login module that checks that the user exists in LDAP first. If this is so and the user doesn't exist in the portal DB, it creates it (with same username and password), using the user and roles module that you can get from JNDI. It also creates roles if needed. You can maybe use variations of this idea to solve LDAP-Portal integration problems.