I was going to say "nothing changed". But I reviewed the 2.2.2 release notes and found this improvement:
https://issues.apache.org/jira/browse/JS2-1262 You can try this (from the JIRA issue): "By adding a <js:metadata name="render-time.security-constraints">true</js:metadata> tag to a portlet configuration in jetspeed-portlet.xml, the security constraints for that portlet will be enforced at render time." On Jul 11, 2012, at 2:56 AM, Frank Otto wrote: > Hi, > > is it possible, that the security constraint wasn't checked in the ui > pipeline on added portlets? > > > I have defined a security contraint in page.security file: > > <security-constraints-def name="MY_CONSTRAINT"> > <security-constraint> > <roles>MY_ROLE</roles> > <permissions>view,edit</permissions> > </security-constraint> > </security-constraints-def> > > The jetspeed-portlet.xml looks like this: > > <portlet> > <portlet-name>MyPortlet</portlet-name> > <js:security-constraint-ref>MY_CONSTRAINT</js:security-constraint-ref> > </portlet> > > If I remove the Role from my user, the portlet will not be shown in the > toolbox, but it's always accessable on the already added portlet. > > In Jetspeed 2.2.0 was checked this and the message "you have no permission > for the portlet" was shown in the portlet. > > > kind regards, > > Frank > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org > For additional commands, e-mail: jetspeed-user-h...@portals.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
