This content has been marked as final. Show 7 replies
This does in fact work. You are very close and it looks like you have done all of the right steps.
One thing I noticed is that you need to escape the "=" character in the role name. Try this in your roles file:
You also need the "role-link" element in the portlet.xml file. Modify your portlet.xml to be like this:
cn\=student,dc\=ouru,dc\=ca=student cn\=faculty,dc\=ouru,dc\=ca=faculty cn\=employee,dc\=ouru,dc\=ca=employee cn\=staff,dc\=ouru,dc\=ca=staff
Also, are these filtered or static roles? Portal 6 has a bug that prevents this from working with filtered roles. The roles must be static. Note that filtered roles do work correctly in other areas of the portal, but they do cause a problem for JSR 168.
<security-role-ref> <role-name>student</role-name> <role-link>student</role-link> </security-role-ref> <security-role-ref> <role-name>faculty</role-name> <role-link>faculty</role-link> </security-role-ref> <security-role-ref> <role-name>employee</role-name> <role-link>employee</role-link> </security-role-ref> <security-role-ref> <role-name>staff</role-name> <role-link>staff</role-link> </security-role-ref>
One last step is to undeploy and then deploy the portlet for these changes to be effective.
Thanks for your guidance, this does in fact work when I make the changes you suggest. I would really like to know how you learned to do this since I can't find this correctly documented anywhere. It seems such an obvious thing that developers would want to do so I am not sure why SUN has no documentation that I could find (except a vague reference in their pdeploy instructions with incorrect/incomplete directions). So if I have missed some "How to get roles" document somewhere I would really like to know about it (perhaps this posting is it).
In any case I was hoping that you (or anyone else) might then tell me how to access filtered roles, since as you say, this method doesn't work for filtered roles in portal server 6. I notice ProviderContext has a getRoles() method but it is not exposed in the tag lib? Is there a way to get at the ProviderContext object in a provider and use this method. Does it return filtered roles?
Thanks again for all your help. You have saved me days of trial and error.
You can access filtered roles by including the Access Manager SDK in your portlet. Making direct calls to the am sdk resolves the issue, however your portlet is no longer portable. It will be a specific implementation for the Sun Access Manager. Unfortunately this is the only workaround for access filtered roles within a portlet.
Read this thread for a little more information:
I have found many references to this methodology in this forum but there seems to be some confusion about implementation. For instance:
Do I have access to the SSOToken from the doView method of the portlet, or do I need a servlet?
Since I will reference a jsp from my portlet doView method anyway will that do as a servlet? Can I access the SSOToken from there?
Can I reference this from a jsp provider? SInce I am using SUN specific technology anyway, I might as well just use jsp provider I think.
Do I need any special jars when I deploy? One that holds the AM SDK?
I think I would at least need these to develop a JSR-168 portlet in Enterprise 8. Any idea where I can download them? (From my AM server ;-))
For filtered role, can you try giving role name in lower case? I think, this should work.
You are correct. Using lower case role names in the rolesfile.txt is also a work around. I just found this myself about 2 weeks ago. I have filed a bug: CR 6415998. This is scheduled to be fixed in JES5.
Can you show me the contents of you web.xml and portlet.xml? I think I have done something wrong, because I see the "Content not available" error, after deploying my portlet with security roles mapping.