Re: [PROPOSAL] add checkPermission(JetspeedUser, SecurityReference, S tring) to PortalAccessController

Sun, 21 Jul 2002 16:00:35 -0700 

Why not just add a checkPermission(rundata. 
JetspeedSecurity.PERMISSION_VIEW) in BasePortletSet's getContent()? 
This is consistent with the Wrapped portlet and does not affect, which 
is should not, the security implementation.

Paul Spencer

Weaver, Scott wrote:

> This would make it easy to check the security of an entire PSML documents.  As it 
>stands the, you can set the security for an entire document through the customizer.  
>However, this currently, AFAIK, is just for show and Jetspeed never validates it.  
> 
> If we could check a permission against a SecurityReference, securing an entire PSML 
>would be a snap!
> 
> Required changes:
> 1. Add method to PortalAccessController
> 2. Implement methods in NoSecurityAccessController (easy), RegistryAccessController 
>(easy) and TurbineAccessController (a little work but shouldn't be too bad)
> 3. Add method as static to JetspeedPortalAccessController fa�ade class.
> 4. Add method as static, via JetspeedPortalAccessController, to JetspeedSecurity 
>fa�ade class.
> 5. Add required logic to JetspeedTool (see below)
> 
> I have everything, excepted for TurbineAccessController, finished and I am currently 
>testing it.
> 
> This is a snippet of code I have working in JetspeedTool.getPane()
> 
> ...
> PSMLDocument doc = profile.getDocument();
> if (null != doc)
> {
>   Portlets portlets = doc.getPortlets();
>   SecurityReference secRef = portlets.getSecurityRef();
>  JetspeedUser user = rundata.getJetspeedUser();
>                                        
>   if(user == null)
>   {                          
>     user = JetspeedSecurity.getAnonymousUser();
>     Log.info("No user found so using anonymous user"+user);
>   } 
>                     
>   if(secRef == null) 
>   {
>     result = PortalToolkit.getSet(portlets).getContent(rundata);
>   }
>   else if(JetspeedSecurity.checkPermission(user, secRef, 
>JetspeedSecurity.PERMISSION_VIEW))
>   {
>     result = PortalToolkit.getSet(portlets).getContent(rundata);
>   }
>   else
>   {
>     result = new StringElement("Sorry, you have do not have permission to see this 
>pane");
>   }
> }
> ...
> 
> I welcome comments, suggestions and persecution ;) from anyone on this approach,
> Scott
> 
> 



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Reply via email to