0 Replies Latest reply on Mar 30, 2007 5:50 AM by engela

    Sharing portal security realm with a servlet

    engela

      I have a servlet MyServlet which is deployed in the same war file as a portlet MyPortlet.

      The view of MyPortlet references the MyServlet to generate some content:

      <%@ taglib uri="http://java.sun.com/portlet" prefix="portlet" %>
      <%@ page isELIgnored="false" %>
      <portlet:defineObjects/>
      <table width="100%" cellpadding="2" border="0">
      <tr>
       <td class="portlet-section-body" >
       MyPortlet
       </td>
      </tr>
      <tr>
       <td class="portlet-section-body" >
       <img src="<%= request.getContextPath() %>/MyPortlet" />
       </td>
      </tr>
      </table>


      Is it possible for the servlet to share the same security realm i.e. so that the
      request.getRemoteUser();
      request.getPrinicipal() ;

      return the current user and
      request.isUserInRole("MyUser") ;

      returns true?

      I declared the role "MyUser" in the web.xml:

      <web-app>
       <servlet>
       <servlet-name>MyPortlet</servlet-name>
       <display-name>MyPortlet</display-name>
       <servlet-class>MyPortlet</servlet-class>
       </servlet>
      
       <servlet-mapping>
       <servlet-name>MyPortlet</servlet-name>
       <url-pattern>/MyPortlet</url-pattern>
       </servlet-mapping>
      
       <security-role>
       <role-name>MyUser</role-name>
       </security-role>
       </web-app>


      Additionally I have added the jboss-web.xml file to the WEB-INF directory and added the line:

      <jboss-web>
       <security-domain>java:jaas/portal</security-domain>
      </jboss-web>


      This doesn't seem to do the trick? Am I missing something or can servlet not share the security realm of the portal?a

      (The servlet should be only accessible to authenticated users i.e. I quite like to add some security constraint to the web.xml for the servlet)

      Thanks,

      Anette