geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jian Liao <norwaywo...@gmail.com>
Subject PolicyContext does not switch, when a crosscontext include occur
Date Tue, 17 Jan 2006 04:44:25 GMT
Hi all,
Jsr-168 Portlet specification allow user use PortletRequestDispatcher to
include Servlet or Jsp resource (PLT.16) and Jetspeed-2 leverage Servlet
Dispatching Requests mechanism to support it(SRV.8).
For example, my portal webApp context is jetspeed and there also has a
portlet application with demo as its context.

Jetspeed.ear
        |
        |
        |--------demo.war
        |              |
        |             
|--------roles.jsp<http://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/applications/demo/src/webapp/WEB-INF/demo/security/roles.jsp>(call
isUserInRole() in it)
        |
        |--------jetspeed.war

When there is a request for the portal like this:
http://localhost:8080/jetspeed, Jetspeed-2 will call
requestDispatcher.include(servletRequest, servletResponse) to include
content generate from roles.jsp. When the code run to Line 79 in
GeronimoPolicy.java, I found that PolicyContext.getContextID() will return
contextId for jetspeed.war, not the one I expect(context if for demo.war),
then the following jacc evaluation fail.

If Geronimo does not switch PolicyContext, my only workaround is to define
all portlet applcation's security role and security-constraints in
jetspeed.war's web.xml and it break PLT.20.2, PLT.20.3 and PLT.20.4.

Any help would be appreciated.

- Jian Liao

Mime
View raw message