On Feb 6, 2009, at 5:57 AM, Carvalho, Ruben wrote:
> I am trying to change the portlet security on some portlets by creating
> a new security constraint definition and associating it with a portlet
> definition.
> The updatePageSecurity method (*** below) throws the unchecked exception
> SecurityException. I assume the reason for this is to force the code to
> first check if a user has "admin" permissions.

Do you mean the PageManager's updatePageSecurity method?

    public void updatePageSecurity(PageSecurity pageSecurity)
        throws NodeException, FailedToUpdateDocumentException

Yes, if you are running with a security policy, Jetspeed will use it.
Jetspeed has the ability to run with a security policy in place,
configurable with Spring.
However, we do not have a method-based security policy. All policy
checks are the equivalent of the constraint checks.
Thus, updating the page security is limited to the access of the root
folder. So if you set the constraint or permission on the root folder,
you are in effect setting the permission / constraint on the page
security definitions.
The reason is that in the file-based PSML impl, the
page.security file is stored in the root.
When I say (permission / constraint), I mean it can be one or the other.
In your page manager configuration you can choose whether you want to
use permission or constraint based security checks.

> My question is how can I validate that the user trying to set this
> security constraint has permission to do it beforehand?

Well you can make the call :) and it will throw an exception...
Or you can do one of several APIs, one that comes to mind, get the
pageSecurity object:

    PageSecurity pageSecurity = pageManager.getPageSecurity();

and then call:

    pageSecurity.checkAccess(JetspeedActions.EDIT);
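
The pre-check suggested in the reply above, combined with the update call, as an added example that is not part of the original message or of Jetspeed itself. The class name `PageSecurityGuard` and the `Change` callback are hypothetical, and the import package names assume the Jetspeed 2 API jars are on the classpath. The pre-check is only an early answer for the caller: the update can still be refused, so `SecurityException` is handled there as well.

```java
import org.apache.jetspeed.JetspeedActions;
import org.apache.jetspeed.om.page.PageSecurity;
import org.apache.jetspeed.page.PageManager;

/** Hypothetical helper: check EDIT access before changing page security. */
public final class PageSecurityGuard {

    private PageSecurityGuard() {}

    /** Hypothetical callback that edits the PageSecurity document in place. */
    public interface Change {
        void apply(PageSecurity pageSecurity) throws Exception;
    }

    /** True if the current user passes the EDIT check on the page security document. */
    public static boolean canEdit(PageSecurity pageSecurity) {
        try {
            pageSecurity.checkAccess(JetspeedActions.EDIT);
            return true;
        } catch (SecurityException denied) {
            // Unchecked exception: the constraint or permission check refused EDIT.
            return false;
        }
    }

    /**
     * Applies the change and saves it only when the pre-check passes.
     * Returns false when access is denied, either at the pre-check or at the update.
     * Checked Jetspeed exceptions (for example the NodeException and
     * FailedToUpdateDocumentException declared by updatePageSecurity) propagate.
     */
    public static boolean updateIfAllowed(PageManager pageManager, Change change)
            throws Exception {
        PageSecurity pageSecurity = pageManager.getPageSecurity();
        if (pageSecurity == null || !canEdit(pageSecurity)) {
            return false; // fail early, before any modification is attempted
        }
        change.apply(pageSecurity);
        try {
            pageManager.updatePageSecurity(pageSecurity);
            return true;
        } catch (SecurityException denied) {
            // The update call is still the enforcement point; the earlier check
            // does not guarantee the update is accepted.
            return false;
        }
    }
}
```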