Hi all,
Jsr-168 Portlet specification allow user use PortletRequestDispatcher to include Servlet or Jsp resource (PLT.16) and Jetspeed-2 leverage Servlet Dispatching Requests mechanism to support it(SRV.8).
For example, my portal webApp context is jetspeed and there also has a portlet application with demo as its context.
Jetspeed.ear
|
|
|--------demo.war
| |
| |--------
roles.jsp (call isUserInRole() in it)
|
|--------jetspeed.war
When there is a request for the portal like this:http://localhost:8080/jetspeed, Jetspeed-2 will call
requestDispatcher.include(servletRequest, servletResponse) to include content generate from roles.jsp. When the code run to Line 79 in GeronimoPolicy.java, I found that PolicyContext.getContextID() will return contextId for
jetspeed.war, not the one I expect(context if for demo.war), then the following jacc evaluation fail.
If Geronimo does not switch PolicyContext, my only workaround is to define all portlet applcation's security role and security-constraints in
jetspeed.war's web.xml and it break PLT.20.2, PLT.20.3 and PLT.20.4.
Any help would be appreciated.
- Jian Liao
