I have a servlet MyServlet which is deployed in the same war file as a portlet MyPortlet.
The view of MyPortlet references the MyServlet to generate some content: <%@ taglib uri="http://java.sun.com/portlet" prefix="portlet" %> | <%@ page isELIgnored="false" %> | <portlet:defineObjects/> | <table width="100%" cellpadding="2" border="0"> | <tr> | <td class="portlet-section-body" > | MyPortlet | </td> | </tr> | <tr> | <td class="portlet-section-body" > | <img src="<%= request.getContextPath() %>/MyPortlet" /> | </td> | </tr> | </table> Is it possible for the servlet to share the same security realm i.e. so that the request.getRemoteUser(); | request.getPrinicipal() ; return the current user and request.isUserInRole("MyUser") ; returns true? I declared the role "MyUser" in the web.xml: <web-app> | <servlet> | <servlet-name>MyPortlet</servlet-name> | <display-name>MyPortlet</display-name> | <servlet-class>MyPortlet</servlet-class> | </servlet> | | <servlet-mapping> | <servlet-name>MyPortlet</servlet-name> | <url-pattern>/MyPortlet</url-pattern> | </servlet-mapping> | | <security-role> | <role-name>MyUser</role-name> | </security-role> | </web-app> Additionally I have added the jboss-web.xml file to the WEB-INF directory and added the line: <jboss-web> | <security-domain>java:jaas/portal</security-domain> | </jboss-web> This doesn't seem to do the trick? Am I missing something or can servlet not share the security realm of the portal?a (The servlet should be only accessible to authenticated users i.e. I quite like to add some security constraint to the web.xml for the servlet) Thanks, Anette View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4033073#4033073 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4033073 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user