Hi all, I originally posted the below message to the jetspeed-user mailing list. Some additional comments on why it is preferable to have fragment-level security access:
It would simplify the control in terms of specifying what fragments/portlets can be viewed at all. Ofcourse, you could use the portlet API to access user roles and control the access based on it. But it has two disadvantages - (1) Requires code changes (2) In terms of UI, the portlet frame would be rendered and we control the content (which is probably what not everybody wants) I put forward this request to reconsider supporting the fragment level access control in M4, more so because the code already exists. Many thanks to all developers of Jetspeed! - Prashanth -----Original Message----- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Monday, August 15, 2005 7:16 PM To: Jetspeed Users List Subject: Re: [J2] Portlet level access Prashanth, This was indeed discussed, but we opted to not enforce the security at the fragment level because there are portlet API tests that allow the portlets to test and inforce their security requirements as they choose. However, we did leave the low level security support in place in case we wanted to optionally support it at the portlet level some time in the future. Please discuss on the dev list if you think you have a case that requires portal security enforcement at the portlet level... the future may be now... Randy Prashanth Gujjeti wrote: >Doug/Randy, and others: > >I was following up on the thread below which has a detailed discussion >on the portlet level access restriction. And Randy suggested that the >same might be targeted towards M2. > >http://mail-archives.apache.org/mod_mbox/portals-jetspeed-user/200412.m >b >ox/[EMAIL PROTECTED] > >I have the release M3 installed, and I am trying to restrict access to >certain portlets on a given PSML page based on the user's roles ( by >defining security-constraints for fragmnets). But, it does not seem to >be working. So, I was wondering whats the status of the same or if >there is updated information elsewhere? > >Thanks for your help! > >- Prashanth > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
