Michael Gustav Simon wrote:
Hello,
I do not understand the permission for portlets!
If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
Selector") for in the customization page.
I think this is a great idea, but its NOT where portlet permissions are
configured. Unfortunately there is not a connection between this admin
portlet and the security policy that holds portlet permissions.
You need to set portlet permissions in the database, such as in the seed
data:
INSERT INTO SECURITY_PERMISSION
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view,
edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');
The portlet "Portlet Selector" will filter the portlets with the following
code-snippet.
yes
(PortletSelector.java)
...
if (permissionManager.checkPermission(subject,
new PortletPermission(portlet.getUniqueName(),
SecuredResource.VIEW_ACTION, subject )))
{
list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
portlet.getDescriptionText(locale)));
}
...
Why is this portlet selectable?
Im not sure if I understand that question...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
