I'd like to use the Jetspeed Security registry for securing access to Velocity portlet actions. I believe that Velocity portlet action events are very big security hole in Jetspeed, and it should be fairly simple to plug it, one would think. A few weeks ago I reviewed the code, and it was the same old situation: we are in the action, but do we have access to the portlet....
To make a long story short, I failed to get access to the portlet in the action when I needed it -- when an action event kicks off, it doesn't know about its portlet. Correct me if Im wrong....I can just hear Raphael "its easy, just do this..." and I hope he does, really. But since the action kicks off before the instance is created, its even more difficult to get the portlet instance security-ref. Any insight on how to get the security constraints during an action event? I would like to put this code in one of the base classes. I don't want to be checking security in each and everyone of my action events. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
