[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-455) Relax portlet security roles declaration
Antoine Herzog (JIRA)
jira-events at lists.jboss.org
Tue Apr 17 10:51:30 EDT 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-455?page=comments#action_12359571 ]
Antoine Herzog commented on JBPORTAL-455:
-----------------------------------------
I have posted on forum about this :
http://jboss.org/index.html?module=bb&op=viewtopic&p=4037894#4037894
question :
How to workaround this, now ?
What class/service are responsible for reading the descriptor and set the role visible in the portlets ?
To overload it, knowing it is not JSR-168 compliant...
Thanks,
> Relax portlet security roles declaration
> ----------------------------------------
>
> Key: JBPORTAL-455
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-455
> Project: JBoss Portal
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Portal Portlet
> Affects Versions: 2.0 Final
> Reporter: Julien Viet
>
> Today when a portlet uses the req.isUserInRole(String roleName), this role must be declared in the portlet.xml otherwise the method returns false.
> <portlet>
> ...
> <security-role-ref>
> <role-name>Admin</role-name>
> </security-role-ref>
> ...
> </portlet>
> This is what the portlet spec tells to do.
> But it could be possible to avoid this declaration and let all the role checks pass through and delegate the call to the servlet container when configuring jboss portal
> in a certain mode (at server level or webapp level)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list