[jboss-user] [JBoss Portal] - Expanded Programmatic Security
brownfielda
do-not-reply at jboss.com
Mon Jul 16 08:57:09 EDT 2007
I'm attempting to write a portlet that has some additional internal security features. The overall goal will be to allow selected access to MBeans on a remote server (for the time being the goal is to restart foreign JVMs on a WAS 5.1 AS).
At any rate, I was hoping to make the security checks internal to the portlet based on a user's JBP roles. In doing so, I have set up portlet.xml with the following:
. . .
| <security-role-ref>
| <role-name>MyPortletUser</role-name>
| <role-link>User</role-link>
| </security-role-ref>
| <security-role-ref>
| <role-name>MyPortletAdmin</role-name>
| <role-link>Admin</role-link>
| </security-role-ref>
| . . .
With this setup, I can programmatically check if a user is part of a particular group with isUserInRole() for either of the two listed roles. My curiosity is if the roles that I use inside the portlet are strictly defined by the contents of this descriptor.
Would it be possible to test against some other role-name, without editing the descriptor?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064524#4064524
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4064524
More information about the jboss-user
mailing list