Announcement Announcement Module
No announcement yet.
JBoss portlet security Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • JBoss portlet security

    Hi all,

    I am trying to secure my portlets on a JBoss server as well as have access to the current logged in user with any roles they may have. I understand there is a Spring adapter for JBoss that I should use to enabled authentication through Spring in JBoss, but I'm not quite sure how to do it.

    Please let me know if there are some links or tutorials that I am missing or if there is a good book for this topic. I use Spring Recipes for reference/to get started, but am on my own now.


  • #2
    There are (at least) two ways to pursue what you are asking about.

    The JSR-168 spec itself provides the ability the get the username of the current user and the ability to check the roles that the user has. Take a look at the following methods on the PortletRequest object for more information on this: getRemoteUser, getUserPrincipal, isUserInRole (getAuthType and isSecure might be interesting as well).

    If you are interested in using some of the elements of the Spring Security framework, such as declarative protection of services, etc. then you should take a look at the portlet support in Spring Security. As a starting point, there is a sample application in the source code repository, but it does not appear to be included with the distribution. You can see the sample app in SVN.

    Hope that helps!


    • #3

      The correct link from the repository is

      But the example is not work as expected.

      I deployed the example in the JBoss Portal but did not appear the Granted Authorities from users.

      So, I will create a class that get de user roles in database and return to Spring.


      • #4
        Securing Portlets


        Thanks for your reply, I will check into it more when I get a chance.

        I see this is what I want:

        I think that is probably enough to get me started - I think I didn't clearly state this issue earlier, but looking at this configuration made me realize the problem I may have when implementing security.

        I have my own User implementation which differs from the JBoss implementation. I suppose I will need to create a bridge between a JBoss user and my user? Is there any way to rely entirely on Spring Security for authentication inside JBoss?