PortalFilter, in the 2.1 release, appears to do just that. I uncommented it in the portal web.xml, and that did the trick. Thanks!
On 5/24/07, David Sean Taylor <[EMAIL PROTECTED]> wrote:
On May 24, 2007, at 9:24 AM, Joshua Phillips wrote: > I have created a custom security valve for my SSO requirements. It > successfully populates the JAAS subject and puts in into the > session. This > allows users to log in and have the correct roles. However, the user > principal of the HttpServiceRequest is never populated. So, for > example, the > Logout link is not displayed by header.vm, which checks for the > presence of > the user principal. > > My question is, besides providing my own security valve, what do I > have to > do to ensure that the basic security mechanisms work as expected? > I've read > previous threads on the security valve which were quite helpful, > but didn't > address this issue. > In the custom security valves we have implemented in the past, we had an external authentication system we were integrating with. A servlet filter can be used to wrapper the HttpServletRequest's principal --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
