[
https://issues.apache.org/struts/browse/WW-1696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rene Gielen resolved WW-1696.
-----------------------------
Resolution: Fixed
Fixed in SVN.
> ServletConfigInterceptor, along with PrincipalAware / PrincipalProxy, are not
> portlet aware
> -------------------------------------------------------------------------------------------
>
> Key: WW-1696
> URL: https://issues.apache.org/struts/browse/WW-1696
> Project: Struts 2
> Issue Type: Bug
> Components: Portlet Integration
> Affects Versions: 2.0.4
> Reporter: Rene Gielen
> Assigned To: Rene Gielen
> Priority: Critical
> Fix For: 2.0.5
>
>
> Background: PortletRequest.getPrincipal() / PortletRequest.getRemoteUser()
> ... are the only well-defined extensions points for adding personalization /
> security related stuff to your portlets.
> The current implementation relies on access to HttpServletRequest, but the
> Jsr168Dispatcher does not put the HttpServletRequest into action context (in
> fact there is a TODO in the code, but I wonder where it should come from!?!).
> After all, for enabling actions to be principal aware, the PortletRequest
> provides all neccessary information as well.
> Right now, PrincipalProxy ís HttpServletRequest dependent. We should abstract
> it into an interface with one servlet and one porlet specific implementation
> to deliver Principal related information from PorletRequest, if applicable.
> This would have minimal impact on current code, while eliminating a
> showstopper for portlet development. Along with that, the getRequest() method
> of PrincipalProxy should be deprecated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
