portals-jetspeed-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject Re: portlet level security constraint
Date Mon, 23 Jan 2006 16:08:47 GMT

This is a work in progress... here is how it is done at a high level:

1. One can specify PortletPermissions in the DB. These permissions are 
used to control whether a portlet can be added to a page using the 
customizer. This is a global specification.

2. Fragment level SecurityConstraints can be specified to control 
visibility of portlets in a page. These settings are local to a page only.

There is a JIRA issue open against this: 
https://issues.apache.org/jira/browse/JS2-354. Feel free to comment.


Michael Gustav Simon wrote:
> Hello j2-users,
> i cannot found a solution to set security constraint on portlet level.
> Security constraint can be set for page level.
> <security-constraints>
>  <security-constraint>
>   <roles>member</roles>
>   <permissions>view</permissions>
>  </security-constraint>
>  <security-constraint>
>   <roles>manager</roles>
>   <permissions>edit</permissions>
>  </security-constraint>
> </security-constraints>
> For a member the portlets will be in the view mode only.
> User with the role manager can change to the editmode the displayed
> portlets.
> I found the following description in the book "Portlets and Apache Portals":
>> Constraints work with principals (role, user, and group) and permissions.
> Permissions are actions
>> provided by the portal implementation. Jetspeed-2 follows the portlet
> specification, providing
>> permissions to mirror the default portlet modes: view, edit, and help. The
> constraint shown in
>> Listing 12.10 constrains access to the default page for members by
> granting the view permission
>> to users with the role member, and granting the edit permission to users
> with the role manager.
>> Similarly, constraints can also be applied to pages and portlets.
> __constraints can also be applied to pages and portlets__
> How do I can set a security constraint to a portlet?
> The user should be able to add, view and configure portlets with an
> associated role only!
> Anyone an idea?

To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org

View raw message