Hi everybody,

I have one simple question to ask (I expect the answer to be a little more complex).
Is there a possibility to forward user credentials after user authentication in Liferay to JBoss application server? I would like to be able to let a porlets call methods in secured EJB's using the authentication and authorization mechanisms of Liferay. Liferay needs to act as security provider and this provider needs to be shared amoung different portlets and session beans deployed in the application server. FYI, I wish to use Vaadin to implement the different portlets. Currently I use Liferay 6.0.6 and JBoss 5.1.0 with Vaadin 6.8.7.

As a possible solution I have tried to implement a CallbackListener in the portlet to pass userid and password retrieved from the RenderRequest to the JAAS LoginModule in JBoss. This login module then verifies against the User_ and Role_ tables in the portal database. Since portlets are not aware of each other, this approach results in individual authentication for each portlet to the application server which seems a waste of resource in my opinion. Since the portal in itself is fully aware of the authenticated user and its roles, there must be a better solution to achieve this. I have tried Googling and searching the Liferay forum for a solution, but I don't seem to find anything pointing me into the right direction...

Any suggestions of forum references are welcome. Thank you for taking the time to read this post.

Regards,
Kurt