Re: Good Portlet Example that implements security

Tue, 20 Apr 2010 02:49:19 -0700 

Hi Gonzalo,

I think you can consider using PortletRequest#isUserInRole(role) method for 
programatic security checks.
See 
http://portals.apache.org/pluto/portlet-api/apidocs/javax/portlet/PortletRequest.html#isUserInRole(java.lang.String)

Regards,

Woonsan


----- Original Message ----
> From: Gonzalo Aguilar Delgado <gagui...@aguilardelgado.com>
> To: jetspeed-dev@portals.apache.org
> Sent: Tue, April 20, 2010 11:03:13 AM
> Subject: Good Portlet Example that implements security
> 
> 
Hi, 

Until now all my portlets relayed on page security. No other 
> policies
were implemented at portlet level. 

Now I realized that even 
> when the session is lost the portlets shows
normal. The user can work with 
> them until a submit is done. When this
happens the valve in charge of 
> security redirects to the login page and
all work is lost. 

So the 
> only solution is check security constraints inside the portlet. 

I 
> reviewed some portlets but the only that does something 
> is
UserRegistrationPortlet


        // 
> roles
        this.roles = getInitParameterList(config, 
> IP_ROLES);

        // groups
      
>   this.groups = getInitParameterList(config, 
> IP_GROUPS);


Although I don't see it to check for 
> constraints...


Is there any good example of portlet that checks 
> against security
constraints? I prefer of course if it's a wicket 
> portlet.

Thank you!
Kindest regards,


NOTE: I finally 
> decided to go with the ASL 2.0 that makes projects
commercial open... I will 
> release it as soon as I implement a little bit
of security... Hope we can 
> include the birt viewer in the jetspeed
applications 
> project.




---------------------------------------------------------------------
To 
> unsubscribe, e-mail: 
> ymailto="mailto:jetspeed-dev-unsubscr...@portals.apache.org"; 
> href="mailto:jetspeed-dev-unsubscr...@portals.apache.org";>jetspeed-dev-unsubscr...@portals.apache.org
For 
> additional commands, e-mail: 
> ymailto="mailto:jetspeed-dev-h...@portals.apache.org"; 
> href="mailto:jetspeed-dev-h...@portals.apache.org";>jetspeed-dev-h...@portals.apache.org


      

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org

Reply via email to