Hi Tim, With a servlet filter, I don't think there's any safe solution to access the subject. However, if you can use a portlet filter, it's possible to access the subject by using org.apache.jetspeed.security.JSSubject#getSubject(). I guess a portlet filter would fit for your use case because you mentioned spring portlet mvc based applications.
Regards, Woonsan --- On Tue, 12/21/10, Tim MacDonald <[email protected]> wrote: > From: Tim MacDonald <[email protected]> > Subject: Re: Creating Spring Authorities from LDAP > To: "Jetspeed Developers List" <[email protected]> > Date: Tuesday, December 21, 2010, 7:23 PM > Thanks Vivek, > > I have verified that roles are being imported into the > security_principal table. > > Is there an easy way to access the subject using a filter? > By debugging, I can see that the subject is set, but I can't > find a way to access it. > On 2010-12-21, at 12:44 PM, Vivek Kumar wrote: > > > Jetspeed put user roles in httpRequest subject, while > user > > get authenticated from database or ldap. This is > should work > > > > I think you can check jetspeed database to verify > that, if your roles and > > their mapping have been synced to database. > > > > Here are tables "SECURITY_PRINCIPAL" and > "SECURITY_PRINCIPAL_ASSOC" > > > > Vivek > > > > On Tue, Dec 21, 2010 at 5:17 PM, Tim MacDonald > > <[email protected]>wrote: > > > >> I've been able to configure Jetspeed to > authenticate against an ApacheDS > >> LDAP server. What I'm trying to do is transfer the > roles (groups) coming > >> from the LDAP server into Spring > GrantedAuthorities so that I can secure > >> Spring Portlet MVC controllers using the @Secured > annotation. I've tried > >> using a filter to check for specific roles against > the request.isUserInRole, > >> but it returns false for the LDAP roles. What is > the recommended way for > >> accessing LDAP roles? > >> > >> Thanks, > >> Tim Macdonald > >> > >> > --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > >> > > > > > > -- > > Regards & thanks > > Vivek Kumar > > > > [email protected] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
