Paul,

This is definitely a more elegant and less invasive approach. I will play with it this morning. Thank you for the suggestion.

Scott

> -----Original Message-----
> From: Paul Spencer [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, July 21, 2002 6:22 PM
> To: Jetspeed Developers List
> Subject: Re: [PROPOSAL] add checkPermission(JetspeedUser, SecurityReference, String) to PortalAccessController
>
> Why not just add a checkPermission(rundata. JetspeedSecurity.PERMISSION_VIEW) in BasePortletSet's getContent()? This is consistent with the Wrapped portlet and does not affect, which it should not, the security implementation.
>
> Paul Spencer
>
> Weaver, Scott wrote:
>
> > This would make it easy to check the security of an entire PSML document. As it stands, you can set the security for an entire document through the customizer. However, this currently, AFAIK, is just for show and Jetspeed never validates it.
> >
> > If we could check a permission against a SecurityReference, securing an entire PSML would be a snap!
> >
> > Required changes:
> > 1. Add method to PortalAccessController
> > 2. Implement methods in NoSecurityAccessController (easy), RegistryAccessController (easy) and TurbineAccessController (a little work but shouldn't be too bad)
> > 3. Add method as static to JetspeedPortalAccessController façade class.
> > 4. Add method as static, via JetspeedPortalAccessController, to JetspeedSecurity façade class.
> > 5. Add required logic to JetspeedTool (see below)
> >
> > I have everything, except for TurbineAccessController, finished and I am currently testing it.
> >
> > This is a snippet of code I have working in JetspeedTool.getPane()
> >
> > ...
> > PSMLDocument doc = profile.getDocument();
> > if (null != doc)
> > {
> >     Portlets portlets = doc.getPortlets();
> >     SecurityReference secRef = portlets.getSecurityRef();
> >     JetspeedUser user = rundata.getJetspeedUser();
> >
> >     if(user == null)
> >     {
> >         user = JetspeedSecurity.getAnonymousUser();
> >         Log.info("No user found so using anonymous user"+user);
> >     }
> >
> >     if(secRef == null)
> >     {
> >         result = PortalToolkit.getSet(portlets).getContent(rundata);
> >     }
> >     else if(JetspeedSecurity.checkPermission(user, secRef, JetspeedSecurity.PERMISSION_VIEW))
> >     {
> >         result = PortalToolkit.getSet(portlets).getContent(rundata);
> >     }
> >     else
> >     {
> >         result = new StringElement("Sorry, you do not have permission to see this pane");
> >     }
> > }
> > ...
> >
> > I welcome comments, suggestions and persecution ;) from anyone on this approach,
> > Scott
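
The decision logic discussed in this thread, with the check placed inside the portlet set's own getContent() as Paul suggests, is sketched below as an added example; it is not code from the original messages or from Jetspeed. `User`, `PortletSet`, `REGISTRY` and the registry contents are hypothetical stand-ins, and denying a security reference that names no registry entry is an assumption of this sketch, not something the thread specifies.

```java
import java.util.Map;
import java.util.Set;

// Added illustration: stand-in types, not Jetspeed's real classes.
public class PaneAccessDemo {
    static final String PERMISSION_VIEW = "view";

    record User(String name, Set<String> roles) {}
    static final User ANONYMOUS = new User("anon", Set.of("guest"));

    // Constructed registry: security reference name -> role -> permitted actions.
    static final Map<String, Map<String, Set<String>>> REGISTRY = Map.of(
        "admin-only", Map.of("admin", Set.of("view", "customize")),
        "public-view", Map.of("guest", Set.of("view"), "admin", Set.of("view", "customize")));

    // Same argument shape as the proposed checkPermission(user, secRef, permission).
    static boolean checkPermission(User user, String secRef, String permission) {
        Map<String, Set<String>> entry = REGISTRY.get(secRef);
        if (entry == null) {
            return false; // assumption: a reference with no registry entry is denied
        }
        return user.roles().stream()
            .anyMatch(role -> entry.getOrDefault(role, Set.of()).contains(permission));
    }

    // Stand-in for a portlet set that enforces its own check in getContent().
    record PortletSet(String secRef, String body) {
        String getContent(User user) {
            // As in the snippet, a missing user is treated as the anonymous user.
            User effective = (user != null) ? user : ANONYMOUS;
            // As in the snippet, a document with no security reference is rendered.
            if (secRef == null || checkPermission(effective, secRef, PERMISSION_VIEW)) {
                return body;
            }
            return "Sorry, you do not have permission to see this pane";
        }
    }

    public static void main(String[] args) {
        User admin = new User("admin", Set.of("admin"));
        PortletSet secured = new PortletSet("admin-only", "<admin pane>");
        System.out.println(secured.getContent(admin)); // admin on a secured document
        System.out.println(secured.getContent(null));  // no user: anonymous fallback
        System.out.println(new PortletSet(null, "<open pane>").getContent(null)); // no secRef
        System.out.println(new PortletSet("typo-ref", "<pane>").getContent(admin)); // unknown ref
    }
}
```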
