portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor" <da...@bluesunrise.com>
Subject RE: Securing VelocityPortlet actions
Date Mon, 14 Oct 2002 23:25:27 GMT
Well, originally I was thinking we'd get the constraints from the portlet or
portlet instance.
That way we don't need a xreg file.
But if we go for the more granular solution, then yes, I suppose we have
some possibilities:

    <security-entry name="owner-only">
        <access action="actionEvent:MyPortlet.doUpdate">
            <allow-if-owner/>
        </access>
    </security-entry>

For me, Im fine without the example above and simply going with portlet or
portlet instance security constraints.
The finer granularity can come later.
Problem is, still don't know how to get the action to link up to the portlet
at action execution time.



--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message