I remember you did that sometime before, and then we couldn't login anymore because the login portlet thought the user was already logged in. That problem must be prevented.
I have no problem with the guest subject set on the request, as long as the declarative security (check on request.getUserPrincipal etc.) keep working according to the specs.
David Sean Taylor wrote:
Ate,
We (Randy and I) would like to put the guest subject in the request context, and also execute the remainder of the request under that subject.
I seem to remember you questioning this at one time, but I can't find the correspondence, perhaps it was IRC.
Are you alright with removing the code below and always putting the guest subject in the request context, or is there a problem with that?
if ((userPrincipal.getName()).equals(profiler.getAnonymousUser())
&& (!(principal.getName()).equals(profiler.getAnonymousUser())))
{
subject = userMgr.getUser(principal.getName()).getSubject();
request.getRequest().getSession().setAttribute(
PortalReservedParameters.SESSION_KEY_SUBJECT, subject); }
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
