Hi Horacio, Do you want to invoke the (CXF) servlet from the client-side script which is generated by your portlet? If so, I think you can create a javax.portlet.ResourceURL for the client code with setting resource ID to the target servlet path. Then, in your servlet code or target service component, you can retrieve servlet request and check the security by invoking #getUserPrincipal() or #isUserInRole() methods on the servlet request.
Regards, Woonsan ----- Original Message ---- > From: hantone <[email protected]> > To: [email protected] > Sent: Sun, June 13, 2010 4:29:03 AM > Subject: Ajax WS call to update a widget value > > Hi! how are you all? I'm new in all this "front-end" stuff, so please > excuse me if I say anything dumb. I will be using Jetspeed for a few > proyects I'm starting. Right now I'm using CXF to handle all the > business logic of the project, exposing it as SOAP rpc/literal Web Services > and, I'm consuming it from a GenericPortlet class (Java) to get the data from > them and then use that data in the JSP to build the HTML response. I'd > like to load some data asyncronusly in a Portlet, for example, after I load a > branch code, make a call to the WS to get the name of the branch and update > the textBox of it in the Portlet. The problem is that I want to include > security when I consume the Service, because I'll be exposing some critical > data. That's why I wonder if it could be possible to access a servlet > inside the same Tomcat and take advantage of Jetspeed SSO/"Authentication > and Authorization" to have security checks. To check for example, if the user > is logged in, if the user session is not expired, if the user has access to > the call that service, and securing the data so it is not understand with a > men in the middle attack. I'll really appreciate if you can point me > in the right direction. Thanks in advance for your time! Horacio A > Antonelli -- View this message in context: > http://old.nabble.com/Ajax-WS-call-to-update-a-widget-value-tp28868727p28868727.html Sent > from the Jetspeed - User mailing list archive at > href="http://Nabble.com";>Nabble.com. --------------------------------------------------------------------- To > unsubscribe, e-mail: > ymailto="mailto:[email protected]"; > href="mailto:[email protected]";>[email protected] For > additional commands, e-mail: > ymailto="mailto:[email protected]"; > href="mailto:[email protected]";>[email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
