I'm attempting to write a portlet that has some additional internal security features. The overall goal will be to allow selected access to MBeans on a remote server (for the time being the goal is to restart foreign JVMs on a WAS 5.1 AS).
At any rate, I was hoping to make the security checks internal to the portlet based on a user's JBP roles. In doing so, I have set up portlet.xml with the following: . . . | <security-role-ref> | <role-name>MyPortletUser</role-name> | <role-link>User</role-link> | </security-role-ref> | <security-role-ref> | <role-name>MyPortletAdmin</role-name> | <role-link>Admin</role-link> | </security-role-ref> | . . . With this setup, I can programmatically check if a user is part of a particular group with isUserInRole() for either of the two listed roles. My curiosity is if the roles that I use inside the portlet are strictly defined by the contents of this descriptor. Would it be possible to test against some other role-name, without editing the descriptor? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064524#4064524 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4064524 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
