Yeah, I was about to say, use tomcat SSO and then the getUserPrincipal and isUserInRole servlet API calls will work.
I use this technique extensively for retrieving data and content via AJAX for my portlets. On 11/12/06, Philip Mark Donaghy <[EMAIL PROTECTED]> wrote:
Hi Team, On 11/12/06, Team Vit <[EMAIL PROTECTED]> wrote: > Hi everybody, > > I have a question... If i wanted to make a "pure JSR 168 portlet" and use > ajax within it > then is it true that the only option i have is to make the ajax calls to a > servlet ??? I guess this would be a standard j2ee solution. Though you'll probably have different security configurations for each j2ee vendors. This post from Aaron explains how to set up a shared tomcat realm to validate users across webapp contexts running on on the same tomcat server. http://www.mail-archive.com/[email protected]/msg04829.html > > if that is the case , how would i validate the user making the > calll..whether he has logged in to the portal > and what role he is in ...etc..basically all related information to the > user. Just add a security-constraint to the web.xml and specify the jetspeed role required to access the servlet. <security-constraint> <web-resource-collection> <web-resource-name>NOC</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>operations</role-name> </auth-constraint> </security-constraint> <!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>Jetspeed</realm-name> </login-config> <!-- Security roles referenced by this web application --> <security-role> <description> The role that is required to log in to the Manager Application </description> <role-name>manager</role-name> </security-role> Using tomcat-sso users with the j2 role manager (or whatever you specify) will be able to access the servlet or any resource(see role-name tag) in the web app. The /* means everything in the web app. The realm name Jetspeed needs to be specified in the server.xml as described in the other thread. Phil > > as of now i am setting using the portlet session to pass info between the > servlet n portlet..is there a more elegant solution? > > I am really new to J2EE so please excuse me if this a really stupid > question....and point me to the right documentation.. > > thanks > > Team VIT > > -- Philip Donaghy donaghy.blogspot.com del.icio.us/donaghy/philip Skype: philipmarkdonaghy Office: +33 5 56 60 88 02 Mobile: +33 6 20 83 22 62 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
