[
http://jira.jboss.com/jira/browse/JBPORTAL-455?page=all ]
Julien Viet updated JBPORTAL-455:
---------------------------------
Fix Version/s: 2.6.Beta1
(was: 2.6.Alpha1)
Relax portlet security roles declaration
----------------------------------------
Key: JBPORTAL-455
URL:
http://jira.jboss.com/jira/browse/JBPORTAL-455
Project: JBoss Portal
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Portal Portlet
Affects Versions: 2.0 Final
Reporter: Julien Viet
Fix For: 2.6.Beta1
Today when a portlet uses the req.isUserInRole(String roleName), this role must be
declared in the portlet.xml otherwise the method returns false.
<portlet>
...
<security-role-ref>
<role-name>Admin</role-name>
</security-role-ref>
...
</portlet>
This is what the portlet spec tells to do.
But it could be possible to avoid this declaration and let all the role checks pass
through and delegate the call to the servlet container when configuring jboss portal
in a certain mode (at server level or webapp level)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira