You are viewing a plain text version of this content. The canonical link for it is here.

Posted to pluto-user@portals.apache.org by Pavel <pa...@gmail.com> on 2007/07/20 17:32:48 UTC

Authentication. getRemoteUser?

Hi,

I'm implementing my own authentication in my portal and I'd like it to 
propagate to portlets. AFAIU request.getRemoteUser() is the only 
JSR-168ish way... Is there any way to control it? I don't see anything 
in the Pluto SPI, and the implementation of the PortletRequest just gets 
the RemoteUser straight from HttpServletRequest. But according to 
PLT.11.1.6 of JSR-168 spec I should be able to implement my own AuthType.

Are there any plans for an optional AuthenticationService?

Thanks,

Pavel

Re: Authentication. getRemoteUser?

Posted by Pavel J <pa...@gmail.com>.

Thanks Ben, I'll give it a try.

--
Pavel Jbanov

On 7/21/07, Benjamin Gould <be...@netsos.com> wrote:
>
> Pavel,
>
> Even without an AuthenticationService, I think that there is a hook in
> the SPI that you can use to do this.  If you extend
> org.apache.pluto.core.DefaultPortletEnvironmentService, you can control
> the implementations of ActionRequest and RenderRequest that are
> utilized.  Thus, you could extend ActionRequestImpl and
> RenderRequestImpl to provide your own version of getRemoteUser() as
> needed.
>
> -- Ben
>
> On Fri, 2007-07-20 at 09:32 -0600, Pavel wrote:
> > Hi,
> >
> > I'm implementing my own authentication in my portal and I'd like it to
> > propagate to portlets. AFAIU request.getRemoteUser() is the only
> > JSR-168ish way... Is there any way to control it? I don't see anything
> > in the Pluto SPI, and the implementation of the PortletRequest just gets
> > the RemoteUser straight from HttpServletRequest. But according to
> > PLT.11.1.6 of JSR-168 spec I should be able to implement my own
> AuthType.
> >
> > Are there any plans for an optional AuthenticationService?
> >
> > Thanks,
> >
> > Pavel
> >
>
>


-- 
Pavel

Re: Authentication. getRemoteUser?

Posted by Benjamin Gould <be...@netsos.com>.

Pavel,

Even without an AuthenticationService, I think that there is a hook in
the SPI that you can use to do this.  If you extend
org.apache.pluto.core.DefaultPortletEnvironmentService, you can control
the implementations of ActionRequest and RenderRequest that are
utilized.  Thus, you could extend ActionRequestImpl and
RenderRequestImpl to provide your own version of getRemoteUser() as
needed.

-- Ben

On Fri, 2007-07-20 at 09:32 -0600, Pavel wrote:
> Hi,
> 
> I'm implementing my own authentication in my portal and I'd like it to 
> propagate to portlets. AFAIU request.getRemoteUser() is the only 
> JSR-168ish way... Is there any way to control it? I don't see anything 
> in the Pluto SPI, and the implementation of the PortletRequest just gets 
> the RemoteUser straight from HttpServletRequest. But according to 
> PLT.11.1.6 of JSR-168 spec I should be able to implement my own AuthType.
> 
> Are there any plans for an optional AuthenticationService?
> 
> Thanks,
> 
> Pavel
>