Fórum
Questions to: Liferay + Portlet Bridge for JSF/GenericFacesPortlet+Spring
Dennis Dingeldein, modificado 13 Anos atrás.
Questions to: Liferay + Portlet Bridge for JSF/GenericFacesPortlet+Spring
New Member Mensagem: 1 Data de Entrada: 08/03/11 Postagens Recentes
Hello,
(I am not sure if I have to post this in Liferay forum or Spring forum)
I have to transfer an existing web application to a portlet environment.
My current approach is to use the GenericFacesPortlet that is part of the JSF Portlet Bridge Standard. By using this approach, in theory, the servlet web application needs only minor adaptions to run as a portlet.
I managed to convert a simple web application containing JSF and Rich Faces to use the GenericFacesPortlet. This worked well and so I tried to convert the “real” application using this approach. (Versions: Liferay 6.0.5, Portlet Brigde 2.0.1x from JBoss, Spring Security 2.0.6)
The “real” application does additionally use:
- Spring Web MVC
- Spring Security
- Spring WebFlow
- (and many more Spring libs)
Spring Security (e.g. the Filter Chain) is initialized by Liferay during context initialization of the portal. At that time, no user is logged in and the Spring Security can not extract a valid user. This is ok, but after that initialization, the Spring Security Filter Chain is not called ever again. So Spring is not able to use the pre-authentication of Liferay.
I like to keep Liferay as the leading authenticating instance and the portlet using the authentication done by liferay.
My first question: What are the recommended hooks for linking Spring Security to Liferay?
I found a way to initialize Spring Security from Liferay (described for Liferay 4.x and old version of Spring Security here: http://acegi-ext.sourceforge.net/acegi-portlet-liferay.html). Solution described there (among other things) in short: Add your own own LoginPostAction-class to Liferays login.events.post property from portal.properties file (to be found in Liferays portal-impl.jar). There, the authentication data from a successful login can be extracted from Portlet/Portal Environment and transferred to Spring Security. The LoginPostAction class defines therefore the method
[indent]run( HttpServletRequest request, HttpServletResponse response) [/indent]
which can be extended to initialize e.g. Spring Security.
I think using this way I can initialize Spring Security.
But this does not help much, because after initialization, Spring Security is never called again during Portlet execution. What is missing is a connection between the mapped Servlet Requests (mapped by GenericFacesPortlet?) and the Spring Security Filter Chain. This Chain is never called during my tests.
I know that there is a Spring Portlet MVC (and a Spring Portlet Security) jar.
Question 2: Will the Spring Portlet MVC help me converting an existing web application to a portlet with minor adaptions of the existing web application? (ok, this question falls more into the Spring forum...)
I like to develop my code based on standards.
Question 3: What is the relation of Spring Portlet MVC and Generic Portlet, is the Portlet MVC an alternative approach to the GenericFacesPortlet of the PortletBridge standard? (ok, this question falls also more into the Spring forum...)
Any hint is appreciated,
Dennis
(I am not sure if I have to post this in Liferay forum or Spring forum)
I have to transfer an existing web application to a portlet environment.
My current approach is to use the GenericFacesPortlet that is part of the JSF Portlet Bridge Standard. By using this approach, in theory, the servlet web application needs only minor adaptions to run as a portlet.
I managed to convert a simple web application containing JSF and Rich Faces to use the GenericFacesPortlet. This worked well and so I tried to convert the “real” application using this approach. (Versions: Liferay 6.0.5, Portlet Brigde 2.0.1x from JBoss, Spring Security 2.0.6)
The “real” application does additionally use:
- Spring Web MVC
- Spring Security
- Spring WebFlow
- (and many more Spring libs)
Spring Security (e.g. the Filter Chain) is initialized by Liferay during context initialization of the portal. At that time, no user is logged in and the Spring Security can not extract a valid user. This is ok, but after that initialization, the Spring Security Filter Chain is not called ever again. So Spring is not able to use the pre-authentication of Liferay.
I like to keep Liferay as the leading authenticating instance and the portlet using the authentication done by liferay.
My first question: What are the recommended hooks for linking Spring Security to Liferay?
I found a way to initialize Spring Security from Liferay (described for Liferay 4.x and old version of Spring Security here: http://acegi-ext.sourceforge.net/acegi-portlet-liferay.html). Solution described there (among other things) in short: Add your own own LoginPostAction-class to Liferays login.events.post property from portal.properties file (to be found in Liferays portal-impl.jar). There, the authentication data from a successful login can be extracted from Portlet/Portal Environment and transferred to Spring Security. The LoginPostAction class defines therefore the method
[indent]run( HttpServletRequest request, HttpServletResponse response) [/indent]
which can be extended to initialize e.g. Spring Security.
I think using this way I can initialize Spring Security.
But this does not help much, because after initialization, Spring Security is never called again during Portlet execution. What is missing is a connection between the mapped Servlet Requests (mapped by GenericFacesPortlet?) and the Spring Security Filter Chain. This Chain is never called during my tests.
I know that there is a Spring Portlet MVC (and a Spring Portlet Security) jar.
Question 2: Will the Spring Portlet MVC help me converting an existing web application to a portlet with minor adaptions of the existing web application? (ok, this question falls more into the Spring forum...)
I like to develop my code based on standards.
Question 3: What is the relation of Spring Portlet MVC and Generic Portlet, is the Portlet MVC an alternative approach to the GenericFacesPortlet of the PortletBridge standard? (ok, this question falls also more into the Spring forum...)
Any hint is appreciated,
Dennis