Hey guys, I see that in the Portlet spec that a future requirement is to support the notion of a Portlet Filter. It is too bad it isn't there at the moment as it would be really nice.
So, I'm looking for suggestions for something that will more or less accomplish the same thing. That is, some piece of logic will be invoked prior to invoking the processAction or the render methods of portlets. There are a number of things I would like to accomplish in this phase: 1. perform role-based security checks against the invoked portlet. This would require that: -I would know which portlet is being invoked. -I would have access to the PortletRequest object (and thus the portlet context as well). -I would need to somehow render some kind of access denied fragment if the security check didn't pass. 2. check the user principal name and if there is a "Profile" session object and load the matching profile object if it is missing or if there is a mismatch and bind it to the session. This would require that: -I would have access to the PortletRequest object (and thus the portlet application session). I realize for the latter, that there are user attributes and so forth for the "profile" requirements. However, I am utilizing tomcat's SSO functionality and will need a comprehensive profile in servlet apps outside of the portal anyway. This also gives me the ability to store more than just strings. I don't think there is anything that can accomplish the above really so I think I will proceed with creating a Portlet interface and base Portlet class that will implement this functionality in its render and processAction methods that all of my other portlets will need to extend/implement. This of course does not help me with existing 3rd party portlets, especially J2 admin portlets. However, I would like to see if anyone else has any suggestions. Perhaps a valve of somekind? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
