Oracle9iAS Portal Developer Kit
How to Create an Authenticated-User Security Portlet

There are many ways to secure your portlet.  This article describes how to build a portlet that displays two types of information based on the logged-in user.

ASSUMPTIONS

  1. You have already installed the samples downloaded with the JPDK and understand the steps required to display a web portlet on a portal page.  For more information on installing the sample, please review the Installing the PDK-Java Framework and Samples article.

  2. You have read and followed the instructions from the article How to Build a Java Portlet article. You have successfully built My First Portlet.

  3. You are using the Oracle HTTP Server to execute and display your servlets used by the JPDK.  If you are using a 3rd party listener, please modify the article accordingly. Note:  Your Oracle HTTP Server does not need to the same listener that serves your Portal pages.

CREATING THE PORTLET

  1. Write a JSP that displays certain information based upon whether the user has been authenticated.  If  a public user is accessing the portal page, the JSP displays a generic message.  If the user is authenticated with Oracle9iAS Portal, then displays a message with more information. 

    <%@page import = "oracle.portal.provider.v1.*, oracle.portal.provider.v1.http.*" %>

    <%

    PortletRenderRequest portletRequest = (PortletRenderRequest)

    PortletSecurityManager portletSecurity = (PortletSecurityManager)

    request.getAttribute(HttpProvider.PORTLET_RENDER_REQUEST);

    %>

    <center>

    <h2>

    <%

    String user = portletRequest.getUser().getName();

    if (portletSecurity.hasAccess(user) {

    out.println("Hello " + portletRequest.getUser().getName() + ", we have verified that you are authenticated and  you are viewing Administrative content");

    }

    else {

    out.println("Hello " + portletRequest.getUser().getName() + " you are viewing general content");

    }

    %>

    </h2>

    </center>

  2. Close and Save this file as mysecurityportlet.jsp.  

UPDATING FRAMEWORK

This section explains how to create a provider.xml to describe and list your new portlet.  It then explains how to update the Oracle HTTP Server to view the new provider.xml.

Creating a provider.xml

  1. In this section you will create a new provider.xml.  Creating a new provider.xml will allow you add new portlets without affecting Web Providers already registered with Oracle9iAS Portal.

    1. Open a text editor.

    2. Add the following entry to the file.  Note:  If you plan to add additional portlets in the future, verify that your portlet ID is unique for this provider.

      <provider class="oracle.portal.provider.v1.http.DefaultProvider" session="true">

      <portlet class="oracle.portal.provider.v1.http.DefaultPortlet" version="1" >

      <id>1</id>

      <name>MySecurityPortlet</name>

      <title>My Security Portlet</title>

      <description>This portlet displays information based on whether the user has authenticated.</description>

      <timeout>5</timeout>

      <timeoutMsg>My Security Portlet timed out</timeoutMsg>

      <showEdit>false</showEdit>

      <showEditDefault>false</showEditDefault>

      <showPreview>false</showPreview>

      <showDetails>false</showDetails>

      <hasHelp>false</hasHelp>

      <hasAbout>false</hasAbout>

       

      <acceptContentTypes>

      <item>text/html</item>

      </acceptContentTypes>

       

      <renderer class="oracle.portal.provider.v1.http.PageRenderer" >

      <appPath>/myfirstportlet</appPath>

      <appRoot>C:\9iAS\Apache\Apache\htdocs\myfirstportlet</appRoot>

      <showPage>mysecurityportlet.jsp</showPage>

      </renderer>

      </portlet>

       

      </provider>

       
  1. Save and close the file.  Make sure to name the file "provider.xml".  
  1. Place the file in any directory other than the location where the JPDK provider.xml resides.  Remember the location.  For example:  C:\mysecurityportlet\provider.xml

Updating the zone.properties

  1. Currently the zone.properties has an argument called provider_root that points the Adapter to the directory where the provider.xml for the jpdk resides.  We will add a new entry to point to our new provider.xml in addition to the previous one.

  2. Stop the Oracle HTTP Server.

  3. Open zone.properties.

  4. Under the Servlet Aliases section add the following: 
    servlet.secure.code=oracle.portal.provider.v1.http.HttpProvider
  5. Under the Aliased Servlet Init Parameters section, add the following: 
    servlet.secure.initArgs=provider_root=C:\mysecurityportletjsp,sessiontimeout=1800000

  6. Save and close the file.

  7. Start the Oracle HTTP Server.

  8. Now, test that you can execute the Adapter by calling the newly added alias. For example, type in the URL: 
    http://host.domain:port/servlet/secure
  9. You should receive a sample page.

VIEW PORTLET

  1. Now that you have successfully tested your new alias.  You will need to register a new provider that calls this alias.

  2. Register your new Provider.

    1. Name:  MySecurityPortlet

    2. Display Name:  My Security Portlet

    3. Timeout:  100

    4. Timeout Message:  My Seucrity Portlet Timed Out

    5. Implementation Style:  Web

    6. Provider Login Frequency:  Once per User Session

    7. URL:  http://host.domain:port/servlet/secure

  3. Click on OK.

  4. Now add your new portlet to a page.  Take note to view the title and description.

Now that you have successfully built a secured portlet, please the following articles for more information on portlet security.

Revision History: