Hi Tim,
With a servlet filter, I don't think there's any safe solution to access the
subject.
However, if you can use a portlet filter, it's possible to access the subject
by using org.apache.jetspeed.security.JSSubject#getSubject().
I guess a portlet filter would fit for your use case because y
Thanks Vivek,
I have verified that roles are being imported into the security_principal table.
Is there an easy way to access the subject using a filter? By debugging, I can
see that the subject is set, but I can't find a way to access it.
On 2010-12-21, at 12:44 PM, Vivek Kumar wrote:
> Jetspe
Jetspeed put user roles in httpRequest subject, while user
get authenticated from database or ldap. This is should work
I think you can check jetspeed database to verify that, if your roles and
their mapping have been synced to database.
Here are tables "SECURITY_PRINCIPAL" and "SECURITY_PRINCIP
Jetspeed security read all the information from database, although it keep
itself updated from ldap . Every time user gets logged in to portal.
Jetspeed synchronized user information, roles and groups ldap to database.
There is no way to disable it.
You can access jetspeed security system using d
I've noticed that authenticating against LDAP is importing the LDAP users and
groups into the Jetspeed database. Is it possible to disable this behaviour? If
there is, is that going to affect accessing these roles programatically?
Thanks,
Tim Macdonald
--
I've been able to configure Jetspeed to authenticate against an ApacheDS LDAP
server. What I'm trying to do is transfer the roles (groups) coming from the
LDAP server into Spring GrantedAuthorities so that I can secure Spring Portlet
MVC controllers using the @Secured annotation. I've tried usin
