I found the answer to this, eventhough this just satisfied part of my problem. To render
the tabs/pages and/or portlets based on user's roles,
1. In *-object.xml
1.1 Under the security-constraint tag, list all possible usernames who can access to
this portal
| <security-constraint>
| <policy-permission>
| <role-name>User</role-name>
| <action-name>view</action-name>
| </policy-permission>
| <policy-permission>
| <role-name>Admin</role-name>
| <action-name>view</action-name>
| </policy-permission>
| </security-constraint>
|
1.2 Then, under each tag, you should list the name of the users who can view this
page
| <security-constraint>
| <policy-permission>
| <role-name>Admin</role-name>
| <action-name>view</action-name>
| </policy-permission>
| </security-constraint>
|
The Admin username above can view all of the portlets defined for this page.
2. To restrict which portlets should be seen by this Admin user, in the
portal-instances.xml, do the same security as above for each portlet instance
| <deployment>
| <instance>
| <instance-id>HelloWorldPortletInstance</instance-id>
| <portlet-ref>HelloWorldPortlet</portlet-ref>
|
| <security-constraint>
| <policy-permission>
| <role-name>Admin</role-name>
| <action-name>view</action-name>
| </policy-permission>
| </security-constraint>
| </instance>
| </deployment>
|
With the codes above, the Admin user when he logs in that page, if there are more than one
portlet besides the HelloWorldPortlet, he only sees the HelloWorldPortlet.
Hope this will help others who are looking for the same answer
SGM
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4086707#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...