Secure Portlet

Hi all,
I am reading the following white paper,
http://www.oracle.com/technology/products/oses/pdf/SES_technical_whitepaper_10.1.8.2.pdf
In the document, the section SES AND ORACLE APPLICATION SERVER PORTAL explains the secure portlet.
My question is: is this the only way to register the portal, or is there any other way to work on this portlet? If yes, how will secure search work on Portal?
My Oracle Portal Version: 10.1.4.1.0
SES : 10.1.8.2
Please anyone help me. I am waiting for your valuable reply.
Thanks!

Hi all,
Please anyone help on this one.
Thanks!

Similar Messages

  • Error while consuming secured portlets

    Hi,
    We have the following usecase:
    - Producer - One taskflow which is given to anonymous role. Converted this task-flow to a portlet.
    - Consumer - We need to consume this portlet in another ADF application which is unsecured.
    Steps done:
    1) Created an ADF application with this taskflow and converted to portlet.
    2) Created a consumer application.
    3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
    - In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
    - Token Profile: WSS 1.0 SAML Token with Message Protection
    - Configuration: Default
    - Default user: anonymous
    4) Drag and drop the portlet on the consumer page and run.
    With this I am encountering the following exception:
    <WsmMessageLogger> <logSevere> Permissionjava.lang.Class required to switch the identity not granted to the resource. access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
    <WsmMessageLogger> <logSevere> Error in sending the request.
    <WsmMessageLogger> <logSevere> Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.
    <WsmMessageLogger> <logSevere> Failure in WS-Policy Execution due to exception.
    <WsmLogUtil> <log> Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=MyPortletConsumerApplication, composite=null, modelObj=default-service, policy=oracle/wss10_saml_token_with_message_protection_client_policy, policyVersion=null, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss10-saml-with-certificates.
    oracle.wsm.common.sdk.WSMException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
         at oracle.wsm.security.policy.scenario.executor.Wss10SamlWithCertsScenarioExecutor.sendRequest(Wss10SamlWithCertsScenarioExecutor.java:142)
         at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:598)
         at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:666)
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:342)
         at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:289)
    Caused by: oracle.wsm.security.SecurityException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
         at oracle.wsm.security.policy.scenario.util.PermissionUtil.checkIdentityPermission(PermissionUtil.java:83)
         at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.getUserNameWhenSubjectIgnoredAfterCheckingPermission(WssSamlTokenProcessor.java:385)
    Caused by: java.security.AccessControlException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
         at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
         at java.security.AccessController.checkPermission(AccessController.java:546)
         at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:379)
    <PortletRenderer> <setErrorState> An error has occured for Portlet Binding portlet1.
    oracle.fabric.common.PolicyEnforcementException: access denied (oracle.wsm.security.WSIdentityPermission resource=MyPortletConsumerApplication assert)
         at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:239)
         at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
         at oracle.integration.platform.common.InterceptorChainImpl$1.run(InterceptorChainImpl.java:187)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
    Also, where can I find proper documentation about portlet security and consuming secured portlets?

    Hello
    Did you resolve this?
    I've deployed 11.1.1.6.0 and applied patch 14361677.
    I've deployed my portlet to a custom portal and using EM, attached the WSS 1.0 SAML Token with Message Protection Service policy. I registered the WSRP portlet and specified WSS 1.0 SAML Token with Message Protection under the security section.
    The portlet works fine in composer - it's when I save the page that I am finding problems.
    Once I save the page and try to stress test the portlet (i.e., press the button twice for instance), an error page is displayed indicating a time out.
    If I navigate to another page and return to my page, the portlet does not render.
    When I log out of WebCenter, the exception described in your post is thrown.
    It would be great if Oracle provided documentation we are looking for.

  • Searching Private content using a Secure Portlet

    Hi all,
    Inside the Portal, I am using the HTML Portlet. Using the Iframe,
    <html>
    <IFRAME SRC="<host_name>:<port_number>/search/query/search?view=advanced" width="800" height="600">
    </IFRAME>
    </html>
    It displays fine. When I key in the search term, the search result displays public content only.
    AND
    I registered a Secure Portlet and then tried to search. It also displays public content only.
    How can I search private content as the corresponding Portal user?
    (We have already set up SES to SSO.)
    Note: A separate search (<host_name>:<port_number>/search/query/search) works fine for searching private content. But inside the portlet it is not working.
    Can anyone help on this one? It is urgent now.
    Thanks in advance.

    Hi all,
    Please anyone help on this one.
    Thanks!

  • Errors while consuming secured portlet on anonymous user

    Hello,
    I'm trying to configure security end-to-end Portlet as in this link http://fusionsecurity.blogspot.com/2010/09/hands-on-wsrp-security-in-oracle-fusion_04.html.
    I got WSRP security with authenticated users, but when I try to consume the portlet on anonymous users (unauthenticated), I receive the error below:
    Caused By: javax.xml.rpc.soap.SOAPFaultException: FailedAuthentication : The security token cannot be authenticated.
                    at oracle.j2ee.ws.client.StreamingSender._raiseFault(StreamingSender.java:669)
                    at oracle.j2ee.ws.client.StreamingSender._sendImpl(StreamingSender.java:475)
                    at oracle.j2ee.ws.client.StreamingSender._send(StreamingSender.java:149)
                    at oracle.portlet.wsrp.v2.soap.runtime.WSRP_v2_Markup_Binding_SOAP_Stub.initCookie(WSRP_v2_Markup_Binding_SOAP_Stub.java:343)
                    at oracle.portlet.wsrp.v2.WSRP_v2_Markup_PortTypeJaxbToSoap.initCookie(WSRP_v2_Markup_PortTypeJaxbToSoap.java:671)
                    at oracle.portlet.wsrp.v2.ServerToWSRPv2.initCookie(ServerToWSRPv2.java:22225)
                    at oracle.portlet.client.connection.wsrp.ActivityServerWrapper.initCookie(ActivityServerWrapper.java:1125)
                    at oracle.portlet.client.techimpl.wsrp.WSRPInitCookiePipe.execute(WSRPInitCookiePipe.java:130)
                    … more
    We have the following usecase:
    1) Created an ADF application with one JSP page and converted to portlet.
    2) Created a consumer application (Webcenter Portal Framework Application).
    3) In the consumer app, created a WSRP connection for this portlet (to register the producer).
    - In the "Configure Security Attributes" in the WSRP portlet producer wizard, we have selected the following:
    - Token Profile: WSS 1.0 SAML Token with Message Protection
    - Configuration: Default
    - Default user: anonymous
    4) Drag and drop the portlet on the consumer page and run.
    Would anyone tell me how do I set the permission for an anonymous user?
    Thanks.

    Hi Bijesh,
    Yes, I have tried not specifying a default user and I got the error below:
    <Feb 3, 2015 2:53:48 PM BRST> <Notice> <Stdout> <BEA-000000> <<Feb 3, 2015 2:53:48 PM BRST> <Error> <oracle.wsm.resources.security> <WSM-00008> <Web service authentication failed.
    javax.security.auth.login.LoginException: wsrp:minimal
                    at oracle.security.jps.internal.jaas.module.saml.JpsAbstractSAMLLoginModule.login(JpsAbstractSAMLLoginModule.java:127)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
                    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
                    at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:184)
                    at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:325)
    Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User wsrp:minimal javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User wsrp:minimal denied
                    at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
                    at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
                    at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    I’ve set ADF Security for my Portlet Application following the steps below:
    Create an Enterprise Role ‘Participante’. (The authenticated user has this group 'Participante' in LDAP)
    Create an Application Role ‘participante-role’ and map to the enterprise role ‘Participante’.
    Assign ‘participante-role’ to Web Page or Task Flow in Resources Grants.
    Those steps work well when I am using Task Flows. If I use Portlets based on Page instead of Task Flow, the security does not work.
    I have already tested the second option (create a guest user). The problem here is that the user has the authenticated-role associated to it.
    Thanks for help.

  • Appearance of secured portlets in the page

    I have portlets that are secured by user_id all published in one page. When a user signs on, they see their portlets and blank lines for portlets that they do not have access to. Is there any way to avoid these blank lines?
    Thanks
    Valli

    Hi Iris,
    Activities appear in the calendar in SAP CRM if the calendar flag is active for the following:
    1. For the transaction type (in customizing header level data)
    Go to the following SAP CRM IMG Path:
    IMG->Customer Relationship Management->Transactions->Basic Settings->Define Transaction Types
    - Here select your transaction type and then go to dialog structure Assignment of Business Transaction Categories on left hand side of the menu
    - Here select transaction category Business Activity and again go to dialog structure Customizing header level
    - Please check whether the Calendar field is active here
    2. For the respective Partner Function (Default value from the partner determination procedure)
    Go to the following SAP CRM IMG Path:
    IMG->Customer Relationship Management->Basic Functions->Partner Processing->Define Partner Determination Procedure
    - Here select your partner determination procedure assigned to the transaction type
    - Then go to dialog structure Partner functions in procedure
    - Check whether the calendar maintenance field is active for the Partner Functions.
    Hope this is clear to you and will resolve your issue.
    regards
    Srikantan

  • Security: Portlets visible to the outside world?

    When I deploy portlets to an oc4j instance managed by the application server, it seems that the URL of the web application is automatically visible through the Oracle HTTP server. Since my web applications only contain portlets that should be accessed by the portal, how do I prevent the outside world from sending requests directly to the web application?

    You have used some very general terms in your question but I will attempt to reply with some caveats.
    Generally speaking, most remote access VPNs use private addresses which are translated using NAT when traffic leaves the protected (internal) network en route to a public server, such as a web server on the Internet. Your address appears to the remote server as one of the addresses from the NAT pool (or sometimes outside interface) of the VPN concentrator or firewall that is performing that function.
    You can always check your address as it appears to the outside by browsing to something like http://whatismyip.com

  • Subscription / Notification BUG?

    Hi,
    We have a page containing a link to an Oracle Report that is set to open in a new window. You click on the link, a new window opens and the report runs,...just the way we want it to work.
    The problem is if someone subscribes to the folder and is notified of our new report. If they click on the link presented in the "Notification Portlet", they get an error. What is happening is the "target=_blank" that is used on the base page to open a new window, is appended to the end of the URL in the Notification Portlet which of course screws the URL up.
    Does anyone know a way around this? Is it a bug? Basically defeats the purpose of the Notification Portlet.
    thanks

    hi,
    i have an idea that you could try out. in portal 9.0.4 (i think also 9.0.2.6) we are introducing a new item type: the reports item type. this allows you to integrate oracle reports as an item. you first register the reports server and the reports in the reports security portlet. after that you can add them as items to a page. when now displaying those new items in the notification portlet the behavior should exactly be as in the item defined (e.g. display in new browser window). this should solve your problem.
    regards,
    christian

  • JetSpeed Portal in Sun Java App Server 7

    We are attempting to set up Jakarta's JetSpeed Portal 1.5 as a prototype (strictly out of the box initially) on our system, which is a Windows 2000 based OS, running Sun Java Platform Edition ver 7.0.1. We have had several issues getting it running. The main issues have been related to the Java Classpath and the .jar files that the App server is referencing. The documentation on the Net has been VERY sketchy as it relates to running JetSpeed on Sun Java. Most all the documentation and discussions that reference JetSpeed are based on running it in Tomcat (since they are both from Jakarta). We are already using Sun as our App Server and would like to continue doing so.
    Anyway, JetSpeed is now up and running, however, we are stuck on one error. We have tried modifying the Classpath, pointing to different .jars, etc, with no luck. The consistent (in several portlets) exception we are getting in the Global Admin Portlet for example:
    org.apache.turbine.util.TurbineException: Error rendering Velocity template: /controls/html/jetspeed.vm: Invocation of method 'getContent' in class org.apache.jetspeed.portal.security.portlets.CacheableStatefulPortletWrapper threw exception class java.lang.NoClassDefFoundError : null
    We have seen this error referenced on the Net, but all the recommendations to fix it have failed. Does anyone:
    A. Have any documentation or experience running JetSpeed in Sun One (Sun Java)?
    B. Know how to resolve this issue?
    Thanks in advance!!!!

  • Portal R2 and reports 6i

    Is it possible to view a report 6i report from Portal R2?
    The report exists on server1 running Reports 6i server and must be viewed by a server2 running Portal R2?
    What components are necessary on server1 and server2 to achieve this?
    We performed a basic portal installation on server2 and cannot find the reports security portlet in the Administer section. Some documentation said we must customise the page and set the portlet visible but we can't find it. Can anyone explain what additional steps are needed.
    Thanking You.
    S shah.

    Suraj,
    You need Reports 9i Services to communicate with Portal 9iAS R2. When installing Reports 9i services, it will automatically enable the Reports Security portlet in Portal r2. Then you can use Reports 9i services to run the 6i report.
    Regards,
    -Jeff

  • Error: Timeout for content=#number#

    RDBMS 8.1.6.3.
    Sun solaris 2.6
    My previous installation was OAS9i 1.0.2.0 with portal 3.0.6.x
    Then yesterday I installed the OAS9i 1.0.2.2 (the runInstaller chose what software had to be deleted, upgraded or installed as new) and I upgraded the portal schemas with the script found here in OTN.
    The whole process seemed all ok, but now when I access to the main portal page usually have the error in subject in the place of every portlet. Sometime the error is "Error: The portlet could not be located".
    I think both are related to the upgrade process, but I checked the upgrade log produced by the script and found only errors about installing/upgrading Intermedia, but for me it is normal, as I have never installed it.
    Does someone have suggestions/comments?
    Thanks
    Mauro

    Hi all
    First of all, I want to thank you for your suggestions.
    Then I would inform you about my progress.
    Following Hyundeok's suggestion (I don't use SSL), I checked the jserv.log and I found these errors:
    1) Repository /pandorino_home/3rdsw/oradba/product/OAS9I/Apache/Jserv/servlets/Parallel.jar doesn't exist!
    2) page/JNI: Exception when trying to connect in 1.
    page/Timeout occurred, label=510 url=http://pandorino:7777/pls/dad_portal/!WWW_PORTAL.wwpro_app_provider.execute_portlet
    page/ContentFetcher InterruptedIOException Caught, Fetcher Timedout name=content-fetcher5
    3) (EMERGENCY) ajp12: ping: no reply (0) Please make sure that the wrapper.classpath is pointing to the correct version of ApacheJServ.jar
    (EMERGENCY) ajp12[1]: cannot scan servlet headers (500)
    (ERROR) an error returned handling request via protocol "ajpv12"
    (ERROR) an error returned handling request via protocol "balance"
    4) page/UncaughtException in thread name=content-fetcher2, starting a new fetcher after exception java.lang.ThreadDeath
    My comments/actions:
    About (1), very strange, the Parallel.jar file doesn't exist! But I don't think that
    it is related to the error in subject. In any case this error is raised only at Apache startup.
    About (2), when it occurs, I see the error "Error: Timeout for content=#number#" in the place of portlet.
    following Randy's suggestion, I increased the timeout of:
    (-) "Login Server" portlet provider (from 10 to 20 seconds),
    (-) "Oracle Report Security" portlet provider (from 1(one) to 20 seconds),
    (-) "Monitor" portlet provider (from 10 to 20 seconds).
    About (3), I increased the timeout in the jserv.conf file: ApJServVMTimeout 20
    About (4), when it occurs, I see the error "Error: The portlet could not be contacted" in the place of portlet.
    No action performed.
    After a week of tests, It seems that (2) and (3) have been fixed thanks to the increased timeout.
    Concerning (4), it is still experienced by me and other users. I think that in this case the
    last thing to try is to apply the patch fix suggested by John.
    But at the moment I don't have time to do this, so in the meantime I will press the browser's "reload" button until the portlet is displayed.
    Thanks again.
    Mauro

  • Official oracle stance on portal 9.0.2 migrate/export/import

    i have been working with oracle support, scouring the forums and deja and metalink, applying patches, standing on my head... trying to export my 9.0.2 portal applications, reports, pages and such from a 9.0.2 implementation into an exact same 9.0.2 implementation. i have run into issues with the reports, issues with the pages, corrupt objects that can't be deleted, most everything stated on this forum, plus more. i have asked oracle time and again when the migrate scripts [the FAQ still posted at technet and portalcenter STILL says the scripts will be available august/september] will be ready and have gotten no meaningful response. surely oracle cannot pretend that this export/import works and I NEED A REPLY FROM ORACLE AS TO THEIR OFFICIAL STANCE on this and as to when we can expect a working solution. i am going to have to recommend against oracle portal because we cannot get from our development environment into a testing one.

    thanks... i do hope they can give us some expectation of when this will be ready for primetime. i couldn't get my pages across because i get a region not found error, so i tried just to import my provider applications that include rwreps with parameters. i figured worst case i could manually recreate the pages. the export indicates no errors, the import check mode indicates no errors, but the actual import gives me a warning on every portlet parameter and none of my reports come across:
    sample warning i receive:
    Importing portlet preferences ..........
    Importing category/perspective info ..........
    ---------- Before Importing Pronto Tables ----------
    *** Warning: no corresponding portlet parameter ID found on target for 295 for BUSINESS_UNIT
    so i applied patch 2617359 per oracle support but no luck. apparently this is another bug being worked on by support [Bug:2644937 Abstract: IMPORT:PAGE:PRONTO:REPORT:SECURITY:PORTLET PARAMETER ID NOT FOUND IN LOG] but in the meantime i face the prospect of having to manually recreate 40 plus reports on each instance. this may or may not be related to bug 2426089 from version 3.0.9.x [Bug 2426089 Abstract: PARAMETERS ARE NOT VISIBLE AFTER REGISTERING THE REPORTS ON PORTAL]. i am still trying to come up with some way to get my reports across. i'm going to try exporting/importing just a report with nothing else and see what happens.

  • Using the Portal Single Sign-On for java applet clients

    Hi
    We have a task to build a java applet working within a portlet and communicating to some session EJB(wrapped BC4J) running on the OC4J. The applet is presumably connecting to server via RMI. This connection should be restricted to some groups of portal users.
    When a user is entering the applet he is supposed to be already logged into the Portal.
    There is a lot of information on building custom secure portlets using only a pure HTML(same as JSP) client with the help of the Portal Single Sign-On.
    But, is it possible to use the Single Sign-On for establishing a secure RMI connection from applet to OC4J without entering a password in the applet once more?
    Yuriy

    Perhaps you can write a small JSP page or PLSQL
    web procedure that will grab user name from
    the SSO Server (via SSOSDK/mod_osso)
    and invoke the applet with encrypted user name.
    The applet will receive the encrypted username
    and decrypt it to get the clear user name.
    This helps to get Single Sign-On.
    To make sure that environment is secure, encrypted
    user name parameter should have random salt,
    user name, and time stamp to prevent replay attack.
    Applet must make sure that the encrypted user name
    time stamp set by the JSP/PLSQL page has value
    within a reasonable time limit like 5 minutes
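
The hand-off described in the reply above, as an added example that is not part of the original thread: an issuer seals the user name and issue time under a fresh random value, and a verifier accepts the token only if it is authentic and no older than five minutes. AES-GCM, the shared key, the class and method names and the sample user name are assumptions (the reply names no cipher); the example also goes one step beyond the reply by rejecting a token presented a second time inside the window.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class: sealed, time-limited, single-use user-name token.
public class SsoHandoffToken {
    private static final int NONCE_LEN = 12;                // random per-token value (the "salt")
    private static final int TAG_BITS = 128;                // GCM authentication tag length
    private static final long MAX_AGE_MS = 5 * 60 * 1000L;  // five-minute limit from the reply
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey key;                            // assumed shared by issuer and verifier
    // Nonces already accepted, mapped to the time their token expires.
    private final Map<String, Long> seen = new ConcurrentHashMap<>();

    public SsoHandoffToken(SecretKey key) { this.key = key; }

    /** Issuer side (the JSP page): seal issue time + user name under a fresh nonce. */
    public String issue(String userName, long nowMs) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);
        byte[] name = userName.getBytes(StandardCharsets.UTF_8);
        ByteBuffer plain = ByteBuffer.allocate(Long.BYTES + name.length);
        plain.putLong(nowMs).put(name);

        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] sealed = c.doFinal(plain.array());

        ByteBuffer out = ByteBuffer.allocate(NONCE_LEN + sealed.length);
        out.put(nonce).put(sealed);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out.array());
    }

    /** Verifier side: returns the user name, or throws if forged, stale or replayed. */
    public String verify(String token, long nowMs) throws GeneralSecurityException {
        byte[] raw;
        try {
            raw = Base64.getUrlDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new GeneralSecurityException("malformed token");
        }
        if (raw.length < NONCE_LEN + TAG_BITS / 8 + Long.BYTES) {
            throw new GeneralSecurityException("token too short");
        }
        byte[] nonce = Arrays.copyOfRange(raw, 0, NONCE_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        // doFinal throws if the ciphertext or tag was modified in transit.
        byte[] plain = c.doFinal(raw, NONCE_LEN, raw.length - NONCE_LEN);

        ByteBuffer buf = ByteBuffer.wrap(plain);
        long issuedMs = buf.getLong();
        long age = nowMs - issuedMs;
        if (age < 0 || age > MAX_AGE_MS) {
            throw new GeneralSecurityException("token outside validity window");
        }
        // Forget nonces whose tokens have expired, then refuse a nonce seen before.
        seen.values().removeIf(expiry -> expiry < nowMs);
        String nonceId = Base64.getEncoder().encodeToString(nonce);
        if (seen.putIfAbsent(nonceId, issuedMs + MAX_AGE_MS) != null) {
            throw new GeneralSecurityException("token already used");
        }
        byte[] name = new byte[buf.remaining()];
        buf.get(name);
        return new String(name, StandardCharsets.UTF_8);
    }

    private static String outcome(SsoHandoffToken v, String token, long nowMs) {
        try {
            return "accepted for " + v.verify(token, nowMs);
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SsoHandoffToken tokens = new SsoHandoffToken(kg.generateKey());
        long now = System.currentTimeMillis();

        String fresh = tokens.issue("portal_user", now);               // constructed sample user
        System.out.println(outcome(tokens, fresh, now + 1_000));       // first use
        System.out.println(outcome(tokens, fresh, now + 2_000));       // same token again
        String stale = tokens.issue("portal_user", now - 6 * 60_000L); // issued six minutes ago
        System.out.println(outcome(tokens, stale, now));

        byte[] bytes = Base64.getUrlDecoder().decode(tokens.issue("portal_user", now));
        bytes[bytes.length - 1] ^= 0x01;                               // simulate tampering
        String tampered = Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
        System.out.println(outcome(tokens, tampered, now));
    }
}
```

The verifier belongs wherever the key can be kept secret, for instance on the server side of the RMI call, because a key shipped inside an applet can be read by the user running it.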

  • How to get security roles in a JSF portlet

    I need to get the LDAP user-roles available in the Sun Portal Server 7 in my JSF-168 portlet.
    I've added the mapping file, updated the portlet.xml and web.xml, deployed the portlet (psconsole). But the portlet shows the "content not available" error with javax....title title.
    I've probably messed up the descriptors, but I don't see what is wrong. Here they are:
    roleMaps.properties
    cn\=VSM.Administrator,dc\=neco,dc\=cz=Administrator
    web.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.4">
      <context-param>
        <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
        <param-value>server</param-value>
      </context-param>
      <context-param>
        <param-name>javax.faces.CONFIG_FILES</param-name>
        <param-value>/WEB-INF/navigation.xml,/WEB-INF/managed-beans.xml</param-value>
      </context-param>
      <context-param>
        <param-name>com.sun.faces.validateXml</param-name>
        <param-value>true</param-value>
      </context-param>
      <context-param>
        <param-name>com.sun.faces.verifyObjects</param-name>
        <param-value>false</param-value>
      </context-param>
      <filter>
        <filter-name>UploadFilter</filter-name>
        <filter-class>com.sun.rave.web.ui.util.UploadFilter</filter-class>
        <init-param>
          <description>
              The maximum allowed upload size in bytes.  If this is set
              to a negative value, there is no maximum.  The default
              value is 1000000.
            </description>
          <param-name>maxSize</param-name>
          <param-value>1000000</param-value>
        </init-param>
        <init-param>
          <description>
              The size (in bytes) of an uploaded file which, if it is
              exceeded, will cause the file to be written directly to
              disk instead of stored in memory.  Files smaller than or
              equal to this size will be stored in memory.  The default
              value is 4096.
            </description>
          <param-name>sizeThreshold</param-name>
          <param-value>4096</param-value>
        </init-param>
      </filter>
      <filter-mapping>
        <filter-name>UploadFilter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
      </filter-mapping>
      <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
      </servlet>
      <servlet>
        <servlet-name>ExceptionHandlerServlet</servlet-name>
        <servlet-class>com.sun.errorhandler.ExceptionHandler</servlet-class>
        <init-param>
          <param-name>errorHost</param-name>
          <param-value>localhost</param-value>
        </init-param>
        <init-param>
          <param-name>errorPort</param-name>
          <param-value>25444</param-value>
        </init-param>
      </servlet>
      <servlet>
        <servlet-name>ThemeServlet</servlet-name>
        <servlet-class>com.sun.rave.web.ui.theme.ThemeServlet</servlet-class>
      </servlet>
      <servlet>
        <description>Generated By Sun Java Studio Creator</description>
        <display-name>CreatorPortlet Wrapper</display-name>
        <servlet-name>VSMPortal</servlet-name>
        <servlet-class>org.apache.pluto.core.PortletServlet</servlet-class>
        <init-param>
          <param-name>portlet-class</param-name>
          <param-value>com.sun.faces.portlet.FacesPortlet</param-value>
        </init-param>
        <init-param>
          <param-name>portlet-guid</param-name>
          <param-value>VSMPortal.VSMPortal</param-value>
        </init-param>
      </servlet>
      <servlet-mapping>
        <servlet-name>ExceptionHandlerServlet</servlet-name>
        <url-pattern>/error/ExceptionHandler</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>ThemeServlet</servlet-name>
        <url-pattern>/theme/*</url-pattern>
      </servlet-mapping>
      <servlet-mapping>
        <servlet-name>VSMPortal</servlet-name>
        <url-pattern>/VSMPortal/*</url-pattern>
      </servlet-mapping>
      <welcome-file-list>
        <welcome-file>faces/null</welcome-file>
      </welcome-file-list>
      <error-page>
        <exception-type>javax.servlet.ServletException</exception-type>
        <location>/error/ExceptionHandler</location>
      </error-page>
      <error-page>
        <exception-type>java.io.IOException</exception-type>
        <location>/error/ExceptionHandler</location>
      </error-page>
      <error-page>
        <exception-type>javax.faces.FacesException</exception-type>
        <location>/error/ExceptionHandler</location>
      </error-page>
      <error-page>
        <exception-type>com.sun.rave.web.ui.appbase.ApplicationException</exception-type>
        <location>/error/ExceptionHandler</location>
      </error-page>
      <jsp-config>
        <jsp-property-group>
          <url-pattern>*.jspf</url-pattern>
          <is-xml>true</is-xml>
        </jsp-property-group>
      </jsp-config>
      <security-role>
        <role-name>Administrator</role-name>
      </security-role>
    </web-app>
    portlet.xml
    <?xml version='1.0' encoding='UTF-8' ?>
    <portlet-app xmlns='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xsi:schemaLocation='http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd' version='1.0'>
         <portlet>
              <description>Created By Java Studio Creator</description>
              <portlet-name>VSMPortal</portlet-name>
              <display-name>VSMPortal Portlet</display-name>
              <portlet-class>com.sun.faces.portlet.FacesPortlet</portlet-class>
              <init-param>
                   <name>com.sun.faces.portlet.INIT_VIEW</name>
                   <value>/Uctarna.jsp</value>
              </init-param>
              <expiration-cache>0</expiration-cache>
              <supports>
                   <mime-type>text/html</mime-type>
                   <portlet-mode>VIEW</portlet-mode>
              </supports>
              <supported-locale>en</supported-locale>
              <portlet-info>
                   <title>VSMPortal</title>
                   <short-title>VSMPortal</short-title>
                   <keywords>Creator</keywords>
              </portlet-info>
              <security-role-ref>
                   <role-name>Administrator</role-name>
                   <role-link>Administrator</role-link>
              </security-role-ref>          
         </portlet>
    </portlet-app>

    If I don't use the security-role and security-role-ref tags, the portlet works, and the isUserInRole method obviously doesn't.

    Does nobody use LDAP roles in a portlet? Does anybody know of another thread discussing a similar issue (I can't find anything)?

  • How to set userName from security context to Criteria in portlet

    Hi,
    From the portal application I have to get the logged-in user and use the same user to filter the records in the portlet. I have to execute a view criteria in the portlet as a default method activity which takes the logged-in user as an input param.
    Is this achievable? Please let me know.
    Thanks in Advance
    Morgan.
    Edited by: Morgan Freeman on Aug 24, 2011 1:22 AM

    I have been doing some testing and there seems to be an issue with passing username to the portlet.
    Normally things like security.userName or portletrequest.getRemoteUser() should all work, and they do work in WebCenter PS2, but since JSR 286 this does not seem to work anymore... Although the Oracle documentation states that it works, it doesn't :)
    A working workaround is to create a public render parameter (portlet parameter) and pass the username to that.
    I'll see if there is a configuration that we need to make in order for this to work.
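
The portlet side of the workaround described above, as an added example that is not part of the original thread or of Oracle's code. It assumes a public render parameter declared in portlet.xml with the identifier `userName`; that name, the account-name pattern, the request attribute names and `/records.jsp` are hypothetical.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

public class UserFilterPortlet extends GenericPortlet {
    // Assumed identifier of the public render parameter declared in portlet.xml.
    static final String USER_PARAM = "userName";
    // Assumed shape of an account name; adjust to the directory's naming rules.
    static final Pattern SAFE_USER = Pattern.compile("[A-Za-z0-9._@-]{1,64}");

    /** The name to filter on, and whether the container vouched for it. */
    static final class ResolvedUser {
        final String name;
        final boolean authenticated;
        ResolvedUser(String n, boolean a) { name = n; authenticated = a; }
    }

    /** Prefer the container identity; accept the parameter only as an unverified fallback. */
    static ResolvedUser resolve(String remoteUser, String paramUser) {
        if (remoteUser != null && !remoteUser.isEmpty()) {
            return new ResolvedUser(remoteUser, true);
        }
        // A render parameter is request input (typically carried in the URL), so the
        // value is whatever the client sent: check its shape and mark it unverified.
        if (paramUser != null && SAFE_USER.matcher(paramUser).matches()) {
            return new ResolvedUser(paramUser, false);
        }
        return null;
    }

    @Override
    protected void doView(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        ResolvedUser user = resolve(request.getRemoteUser(), request.getParameter(USER_PARAM));
        response.setContentType("text/html");
        if (user == null) {
            response.getWriter().println("No user available for filtering.");
            return;
        }
        // Hand the name to the view layer as a bind value, never by string concatenation.
        request.setAttribute("filterUser", user.name);
        // Rows that need real authorization are shown only for a container-verified user.
        request.setAttribute("filterUserVerified", Boolean.valueOf(user.authenticated));
        getPortletContext().getRequestDispatcher("/records.jsp").include(request, response);
    }
}
```

With this split, the parameter-only path can drive a convenience filter, while anything access-controlled stays behind the identity the container asserts.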

  • Item level security not working when placed in a portlet page

    I have three page links linking to separate pages and have two of them with item level security turned on for specific groups with view privileges. I have the access for those groups with view privileges in the page level as well. I have published that as portlet and placed the portlet in another page which has view privileges for the groups specified in item level as well.
    But I notice that when I place the portlet in a page, the item level security is not working.
    Item Level Security Not Working for Items Placed on a page and published as portlet and placed in another page. Is there some workaround for this?
    Thanks
    Valli

    Would you please clarify for me? Is the problem that unauthorized people can see the portlet, or that unauthorized people can see the links?
