On Mar 30, 2007, at 4:34 AM, rajath rajagopal wrote:
Hi All,
I am deploying Jetspeed in oracle app server.
I have configured a realm called Jetspeed with users and roles in
the oracle app server. Also I have deployed jetspeed, j2-admin &
demo wars in the app server.
I am able to get the jetspeed portal home page. On trying to log in
I found that it is first looking for username in jetspeed database
schema. If it is there the containers realm is used to get the
password for that user, otherwise I get an invalid username alert
message. Is this how it should behave ? Is this the behaviour seen
when deployed in Tomcat ? Should the container authenticate or
should it be from the database ?
Also when I login not all the admin level features are working.
What should be done to get all features working correctly ?
Out of the box, Jetspeed uses its own authentication via the Login
portlet.
Note that Jetspeed authentication is actually using a Login Module,
so it is in itself container-managed authentication.
It is possible to disable this method of authentication, and to
instead use the container's authentication
One way to achieve this, is to remove the login portlet from your
home page, and make sure to protect all Jetspeed URLs via the web.xml
such as
<security-constraint>
<!-- web resources that are protected -->
<web-resource-collection>
<web-resource-name>AllJetspeed</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
Jetspeed will try to pick up the principal from the servlet request,
but if you want to manage your own authorization, override the
Security Valve to populate the Jetspeed Subject
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
