Re: portlet level security constraint

Mon, 23 Jan 2006 08:18:28 -0800 

Michael,

This is a work in progress... here is how it is done at a high level:
1. One can specify PortletPermissions in the DB. These permissions are used to control whether a portlet can be added to a page using the customizer. This is a global specification.
2. Fragment level SecurityConstraints can be specified to control visibility of portlets in a page. These settings are local to a page only.
There is a JIRA issue open against this: https://issues.apache.org/jira/browse/JS2-354. Feel free to comment. 

Randy

Michael Gustav Simon wrote:

Hello j2-users,
i cannot found a solution to set security constraint on portlet level.
Security constraint can be set for page level.
<security-constraints>
 <security-constraint>
  <roles>member</roles>
  <permissions>view</permissions>
 </security-constraint>
 <security-constraint>
  <roles>manager</roles>
  <permissions>edit</permissions>
 </security-constraint>
</security-constraints>
For a member the portlets will be in the view mode only.
User with the role manager can change to the editmode the displayed
portlets.
I found the following description in the book "Portlets and Apache Portals":

Constraints work with principals (role, user, and group) and permissions.

Permissions are actions

provided by the portal implementation. Jetspeed-2 follows the portlet

specification, providing

permissions to mirror the default portlet modes: view, edit, and help. The

constraint shown in

Listing 12.10 constrains access to the default page for members by

granting the view permission

to users with the role member, and granting the edit permission to users

with the role manager.

Similarly, constraints can also be applied to pages and portlets.


__constraints can also be applied to pages and portlets__


How do I can set a security constraint to a portlet?
The user should be able to add, view and configure portlets with an
associated role only!
Anyone an idea?




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to