[jboss-user] [JBoss Portal] - Unable to add security constraint to portlets

[bhupeshs]

Hi,

I am using jboss portal 2.4.0-Beta1 with Jboss4.0.4GA and MySql5.0

I am trying to add security-constraint to a portlet, but it is not getting reflected. The security-constrating to a page, however is working fine.

I tried adding security-contraint to a Window, PortletInstance and a Portlet but none of them is working.

for Portlet window, I tried something like this in myPortal-object.xml file and deployed the war, but everyone is able to access the portlet.


  | 	<deployment>
  | 		<parent-ref>default.Dashboard2</parent-ref>
  | 		<if-exists>overwrite</if-exists>
  | 		<window>
  | 			<window-name>ScheduledInterviewsWindow2</window-name>
  | 			<instance-ref>KNXScheduledInterviewsInstance2</instance-ref>
  | 			<default>true</default>
  | 			<region>center</region>
  | 			<height>0</height>
  | 			<security-constraint>
  | 				<policy-permission>
  | 					<role-name>Admin</role-name>
  | 					<action-name>view</action-name>
  | 				</policy-permission>
  | 			</security-constraint>
  | 		</window>
  | 	</deployment>
  | 

I even tried it for the portlet, by adding the security-constraint in jboss-portlet.xml file

  |     <portlet>
  |          <portlet-name>ScheduledInterviewsPortlet2</portlet-name>
  | 		 <security></security>
  | 		 		<security-constraint>
  |              <policy-permission>
  |                  <role-name>Admin</role-name>
  |                  <action-name>view</action-name>
  |              </policy-permission>
  |          </security-constraint>
  |     </portlet>
  | 

Even the security for portlet-instance is also not working.

In myPortal-objext.xml
  | 
  | 	<deployment>
  | 		<if-exists>overwrite</if-exists>
  | 		<instance>
  | 			<instance-name>
  | 				KNXScheduledInterviewsInstance2
  | 			</instance-name>
  | 			<component-ref>
  | 				KenexaDashboard2.ScheduledInterviewsPortlet2
  | 			</component-ref>
  | 					<security-constraint>
  |              <policy-permission>
  |                  <role-name>Admin</role-name>
  |                  <action-name>view</action-name>
  |              </policy-permission>
  |          </security-constraint>
  | 		</instance>
  | 	</deployment>
  | 
  | In Portlet-Instances.xml
  | 
  |    <instance>
  |       <instance-id>KNXScheduledInterviewsInstance2</instance-id>
  |       <portlet-ref>ScheduledInterviewsPortlet2</portlet-ref>
  |       		<security-constraint>
  |              <policy-permission>
  |                  <role-name>Admin</role-name>
  |                  <action-name>view</action-name>
  |              </policy-permission>
  |          </security-constraint>
  |    </instance>

I even changed the window_access_denied propery in cong/config.xml from show to hide
   <entry key="core.render.window_access_denied">hide</entry>


Am I missing anything else? I even tried to do it from the management console but that didn't work either.

Any help would be greatly appreciated.

Thanks & Regards,
Bhupesh.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959856#3959856

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3959856