JSR168 Portlet, Principal and isUserInRole
Hi y'awll,
We are currently starting migration towards portal server 7.1. As part of this migration we are looking at tighter integration of JSR168 portlets and the portal. I deployed a test portlet with the portlet defined in portlet.xml as:
<portlet>
    <description>TestPortlet</description>
    <portlet-name>TestPortlet</portlet-name>
    <display-name>TestPortlet</display-name>
    <portlet-class>ca.macewan.portlet.test.TestPortlet</portlet-class>
    <expiration-cache>0</expiration-cache>
    <supports>
        <mime-type>text/html</mime-type>
        <portlet-mode>VIEW</portlet-mode>
    </supports>
    <portlet-info>
        <title>Test Portlet</title>
        <short-title>Test Portlet</short-title>
    </portlet-info>
    <security-role-ref>
        <role-name>test_role</role-name>
        <role-link>test_role</role-link>
    </security-role-ref>
</portlet>
and the following security section in web.xml:
<security-role>
    <description/>
    <role-name>test_role</role-name>
</security-role>
(There is no sun-web.xml or sun-portlet.xml file.)
The roles-mapping properties file used in deployment looks as follows:
cn\=Test\ Role,o\=myMacEwanPortal,dc\=macewan,dc\=ca=test_role
Deployment succeeds without errors.
When testing the portlet, after a user with the Test Role attached logs in, the portlet shows the following behaviours:
- The portlet RenderRequest object's isUserInRole("test_role") returns true, as it should.
- The servlet HttpServletRequest object's isUserInRole("test_role") returns false (is this the expected behaviour?)
- Both the RenderRequest.getUserPrincipal() and HttpServletRequest.getUserPrincipal() methods return null. There is a mention of this in the 121465-28 and 121466-28 patch readmes. The server indicates this patch is already applied. Trying to force-reapply the patch doesn't change this. Looks like this isn't fixed after all, unless I'm missing something.
- Using the amserver SDK classes to retrieve an SSOToken and then reading the user's principal and role information shows all information is available through this route.
I guess my main questions are: Should the HttpServletRequest wrapper around the portlet's RenderRequest object return true on the isUserInRole method, and why is getUserPrincipal returning null in all cases?
Cheers,
Erwin
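A deployment-time consistency check for the three files quoted in the post, as an added example that is not part of the original post: it confirms that every role-link in portlet.xml is declared as a security-role in web.xml and shows which directory DN the roles-mapping file maps to it. The class name RoleMappingCheck and the inline strings are constructed for illustration (trimmed copies of the descriptors above); it checks the configuration only and does not explain the container behaviour asked about.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class RoleMappingCheck {
    // Constructed inputs: trimmed copies of the descriptors quoted in the post.
    static final String PORTLET_XML = "<portlet><portlet-name>TestPortlet</portlet-name>"
        + "<security-role-ref><role-name>test_role</role-name>"
        + "<role-link>test_role</role-link></security-role-ref></portlet>";
    static final String WEB_XML = "<web-app><security-role><description/>"
        + "<role-name>test_role</role-name></security-role></web-app>";
    static final String ROLE_MAP =
        "cn\\=Test\\ Role,o\\=myMacEwanPortal,dc\\=macewan,dc\\=ca=test_role\n";

    // Collect the text of every <child> element found under a <parent> element.
    static Set<String> values(String xml, String parent, String child) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations (no DTD/XXE); descriptors carrying one will fail to parse.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Set<String> out = new TreeSet<>();
        NodeList parents = d.getElementsByTagName(parent);
        for (int i = 0; i < parents.getLength(); i++) {
            NodeList kids = ((Element) parents.item(i)).getElementsByTagName(child);
            for (int j = 0; j < kids.getLength(); j++)
                out.add(kids.item(j).getTextContent().trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Set<String> links = values(PORTLET_XML, "security-role-ref", "role-link");
        Set<String> declared = values(WEB_XML, "security-role", "role-name");
        Properties map = new Properties();
        map.load(new StringReader(ROLE_MAP)); // unescapes "\=" and "\ " inside the DN key
        for (String link : links) {
            List<String> dns = new ArrayList<>();
            for (String dn : map.stringPropertyNames())
                if (link.equals(map.getProperty(dn))) dns.add(dn);
            System.out.printf("role-link %s: declared in web.xml=%b, mapped from %s%n",
                link, declared.contains(link), dns);
        }
    }
}
```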

