[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-455) Relax portlet security roles declaration
Julien Viet (JIRA)
jira-events at lists.jboss.org
Tue Apr 17 10:55:30 EDT 2007
[ http://jira.jboss.com/jira/browse/JBPORTAL-455?page=comments#action_12359572 ]
Julien Viet commented on JBPORTAL-455:
--------------------------------------
PortletRequestImpl.isUserInRole(String s)
it reads metadata and make the mapping.
with extended meta data telling that it should not map, it could be done here
> Relax portlet security roles declaration
> ----------------------------------------
>
> Key: JBPORTAL-455
> URL: http://jira.jboss.com/jira/browse/JBPORTAL-455
> Project: JBoss Portal
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Portal Portlet
> Affects Versions: 2.0 Final
> Reporter: Julien Viet
>
> Today when a portlet uses the req.isUserInRole(String roleName), this role must be declared in the portlet.xml otherwise the method returns false.
> <portlet>
> ...
> <security-role-ref>
> <role-name>Admin</role-name>
> </security-role-ref>
> ...
> </portlet>
> This is what the portlet spec tells to do.
> But it could be possible to avoid this declaration and let all the role checks pass through and delegate the call to the servlet container when configuring jboss portal
> in a certain mode (at server level or webapp level)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list