It works. Thanks!
Am 16.07.2012 05:14, schrieb David Sean Taylor:
I was going to say "nothing changed". But I reviewed the 2.2.2 release notes
and found this improvement:
https://issues.apache.org/jira/browse/JS2-1262
You can try this (from the JIRA issue):
"By adding a<js:metadata name="render-time.security-constraints">true</js:metadata>
tag to a portlet configuration in jetspeed-portlet.xml, the security constraints for that portlet will be
enforced at render time."
On Jul 11, 2012, at 2:56 AM, Frank Otto wrote:
Hi,
is it possible, that the security constraint wasn't checked in the ui pipeline
on added portlets?
I have defined a security contraint in page.security file:
<security-constraints-def name="MY_CONSTRAINT">
<security-constraint>
<roles>MY_ROLE</roles>
<permissions>view,edit</permissions>
</security-constraint>
</security-constraints-def>
The jetspeed-portlet.xml looks like this:
<portlet>
<portlet-name>MyPortlet</portlet-name>
<js:security-constraint-ref>MY_CONSTRAINT</js:security-constraint-ref>
</portlet>
If I remove the Role from my user, the portlet will not be shown in the
toolbox, but it's always accessable on the already added portlet.
In Jetspeed 2.2.0 was checked this and the message "you have no permission for the
portlet" was shown in the portlet.
kind regards,
Frank
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
