[jboss-user] [JBoss Portal] - Re: Unable to add security constraint to portlets

[bhupeshs]

Hi Julian,

Thanks a lot for the quick reply.  But I still have issues securing a portlet.

I am using Jboss-Portal-2.4.0Beta1 with Jboss 4.0.4GA and MySql 5.0

Let me briefly explain my requirements. The protal page contains 5 portlets. All users should be able to access the page and they are shown all portlets except one. The last portlet should be shown only to users with Admin role. So the user should see 4 portlets and Admin should see 5 portlets.

I have now changed the viewrecursive permission for default protal instance to view. so no node in the hierarchy now has viewrecursive permission.

As of now i am still trying to secure a portlet through descriptor files itself. The  permissions are getting stored in the database correctly for portletwindow. I can see correct values in jbp_object_node_security and jbp_object_note_security tables. The portletWindow security tab also displays the role correctly. i.e. only the admin has view permission and others have no permission.

Everything looks OK, but when I access the page everyone is able to see all the portlets in the page.

There is one more problem with the security tab in management console. Once i select a value for a group, there is no way to unselect the value from the list box. I am able to change it to other value, but i cannot unselect it. For Example, the default unchecked role has view permission which i want to remove. I cannot do it from the management portlet.

I can send you a sample war file which shows this. Should I create a jira ticket for this???

Thanks and Regards,
Bhupesh 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959875#3959875

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3959875