portals-jetspeed-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Sean Taylor <da...@bluesunrise.com>
Subject Re: PorletPermission
Date Mon, 23 Jan 2006 09:06:16 GMT
Michael Gustav Simon wrote:
> Hello,
> I do not understand the permission for portlets!
> 
> If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
> the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
> Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
> relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
> Selector") for in the customization page.
> 
I think this is a great idea, but its NOT where portlet permissions are 
configured. Unfortunately there is not a connection between this admin 
portlet and the security policy that holds portlet permissions.

You need to set portlet permissions in the database, such as in the seed 
data:

INSERT INTO SECURITY_PERMISSION 
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view, 
edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');


> The portlet "Portlet Selector" will filter the portlets with the following
> code-snippet.
> 
yes

> (PortletSelector.java)
> ...
> if (permissionManager.checkPermission(subject,
>   new PortletPermission(portlet.getUniqueName(),
>   SecuredResource.VIEW_ACTION, subject )))
> {
>   list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
> portlet.getDescriptionText(locale)));
> }
> ...
> 
> Why is this portlet selectable?
> 
Im not sure if I understand that question...

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org


Mime
View raw message