[jboss-user] [JBoss Portal] - PageCustomizerInterceptor not restricting tabs based on role

jgilbert do-not-reply at jboss.com
Sat Apr 28 16:06:44 EDT 2007

Looking at the PageCustomizerInterceptor class it performs security checks before rendering tabs but it does not seem to be working. JACCPortalAuthorizationManager is always returning true for checkPermission.

I'm fairly certain that I have setup my security constraints properly in my *-object.xml file because when i click on a tab i get the right security message.

Any ideas what is going wrong?

  | 	<security-constraint>
  | 		<policy-permission>
  | 			<role-name>MyRole</role-name>
  | 			<action-name>view</action-name>
  | 			<action-name>viewrecursive</action-name>
  | 			<action-name>personalizerecursive</action-name>
  | 		</policy-permission>
  | 	</security-constraint>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041658#4041658

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4041658

More information about the jboss-user mailing list