[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-455) Relax portlet security roles declaration
Andy Pemberton (JIRA)
jira-events at lists.jboss.org
Tue Feb 17 12:58:44 EST 2009
[ https://jira.jboss.org/jira/browse/JBPORTAL-455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12452992#action_12452992 ]
Andy Pemberton commented on JBPORTAL-455:
-----------------------------------------
We're facing this issue in a large-scale JBPortal implementation.
As the forum thread mentioned, this limitation is particularly annoying if you have multiple portlets in a portlet-app. In one scenario, we have 8 portlets in a single war, with 50+ roles needing to be defined (and redefined) per portlet.
> Relax portlet security roles declaration
> ----------------------------------------
>
> Key: JBPORTAL-455
> URL: https://jira.jboss.org/jira/browse/JBPORTAL-455
> Project: JBoss Portal
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Portal Portlet
> Affects Versions: 2.0 Final
> Reporter: Julien Viet
>
> Today when a portlet uses the req.isUserInRole(String roleName), this role must be declared in the portlet.xml otherwise the method returns false.
> <portlet>
> ...
> <security-role-ref>
> <role-name>Admin</role-name>
> </security-role-ref>
> ...
> </portlet>
> This is what the portlet spec tells to do.
> But it could be possible to avoid this declaration and let all the role checks pass through and delegate the call to the servlet container when configuring jboss portal
> in a certain mode (at server level or webapp level)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list