portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor" <da...@bluesunrise.com>
Subject Securing VelocityPortlet actions
Date Sat, 12 Oct 2002 04:49:59 GMT
I'd like to use the Jetspeed Security registry for securing access to
Velocity portlet actions.
I believe that Velocity portlet action events are very big security hole in
Jetspeed, and it should be fairly simple to plug it, one would think.
A few weeks ago I reviewed the code, and it was the same old situation: we
are in the action, but do we have access to the portlet....

To make a long story short, I failed to get access to the portlet in the
action when I needed it -- when an action event kicks off, it doesn't know
about its portlet. Correct me if Im wrong....I can just hear Raphael "its
easy, just do this..." and I hope he does, really.

But since the action kicks off before the instance is created, its even more
difficult to get the portlet instance security-ref.

Any insight on how to get the security constraints during an action event?
I would like to put this code in one of the base classes. I don't want to be
checking security in each and everyone of my action events.



--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message