portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Sean Taylor <da...@bluesunrise.com>
Subject Re: JS1.6 JSR168 portlets: cannot get username
Date Mon, 25 Jul 2005 07:59:31 GMT
R.T.H.Chin wrote:
> Hi,
> 
> I am developing some portlets for Jetspeed1.6 according to the Java 
> Portlet Specification. Everything works fine except for one thing: I 
> cannot get the username of the client. These all return null:
> 
> request.getAuthType();
> request.getRemoteUser();
> request.getUserPrincipal();
> 
You need to configure a JAASSessionValidator

org.apache.jetspeed.modules.actions.JAASSessionValidator

Here are the instructions from the javadocs:

/**
  * JAAS Session validator populates the Jetspeed User via the 
servlet.getUserPrincipal() call
  * When using this session validator, Authentication is delegated to 
the Application Server.
  * Recommend disabling all user login functionality via Jetspeed, and 
using your web.xml
  * to protect access to all Jetspeed resources  (place after 
resource-ref or welcome-file-list:
  *
  * <security-constraint>
  *   <display-name>Jetspeed Security</display-name>
  *   <web-resource-collection>
  *     <web-resource-name>Protected Area</web-resource-name>
  *     <!-- Define the context-relative URL(s) to be protected -->
  *     <url-pattern>/*</url-pattern>
  *
  *     <!-- If you list http methods, only those methods are protected -->
  *     <http-method>DELETE</http-method>
  *     <http-method>GET</http-method>
  *     <http-method>POST</http-method>
  *     <http-method>PUT</http-method>
  *   </web-resource-collection>
  *   <auth-constraint>
  *     <!-- Anyone with one of the listed roles may access this area -->
  *     <role-name>user</role-name>
  *     <role-name>admin</role-name>
  *   </auth-constraint>
  *
  *   <!--
  *     <user-data-constraint>
  *       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  *     </user-data-constraint>
  *   -->
  * </security-constraint>
  *
  * <login-config>
  *   <auth-method>BASIC</auth-method>
  *   <realm-name>Jetspeed BASIC Authentication</realm-name>
  * </login-config>
  *
  * <!-- Default login configuration uses form-based authentication -->
  * <!--
  *   <login-config>
  *     <auth-method>FORM</auth-method>
  *     <realm-name>Example Form-Based Authentication Area</realm-name>
  *     <form-login-config>
  * 
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
  * 
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
  *     </form-login-config>
  *   </login-config>
  * -->
  *
  * <!-- Security roles referenced by this web application -->
  * <security-role>
  *   <role-name>admin</role-name>
  * </security-role>
  * <security-role>
  *   <role-name>user</role-name>
  * </security-role>
  * <security-role>
  *   <role-name>guest</role-name>
  * </security-role>
  *
  * Place the following the the servlet element where the Turbine 
servlet is defined:
  *
  * <security-role-ref>
  *  <role-name>user</role-name>  <!--passed to isUserInRole()-->
  *  <role-link>user</role-link>  <!--Jetspeed role name-->
  * </security-role-ref>
  *
  * <security-role-ref>
  *   <role-name>admin</role-name>
  *   <role-link>admin</role-link>
  * </security-role-ref>
  *
  * <security-role-ref>
  *   <role-name>guest</role-name>
  *   <role-link>guest</role-link>
  * </security-role-ref>
  *

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message