You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Michael Gustav Simon <mg...@gmail.com> on 2006/01/23 13:04:56 UTC
portlet level security constraint
Hello j2-users,
i cannot found a solution to set security constraint on portlet level.
Security constraint can be set for page level.
<security-constraints>
<security-constraint>
<roles>member</roles>
<permissions>view</permissions>
</security-constraint>
<security-constraint>
<roles>manager</roles>
<permissions>edit</permissions>
</security-constraint>
</security-constraints>
For a member the portlets will be in the view mode only.
User with the role manager can change to the editmode the displayed
portlets.
I found the following description in the book "Portlets and Apache Portals":
> Constraints work with principals (role, user, and group) and permissions.
Permissions are actions
> provided by the portal implementation. Jetspeed-2 follows the portlet
specification, providing
> permissions to mirror the default portlet modes: view, edit, and help. The
constraint shown in
> Listing 12.10 constrains access to the default page for members by
granting the view permission
> to users with the role member, and granting the edit permission to users
with the role manager.
> Similarly, constraints can also be applied to pages and portlets.
__constraints can also be applied to pages and portlets__
How do I can set a security constraint to a portlet?
The user should be able to add, view and configure portlets with an
associated role only!
Anyone an idea?
Re: portlet level security constraint
Posted by Randy Watler <wa...@wispertel.net>.
Michael,
This is a work in progress... here is how it is done at a high level:
1. One can specify PortletPermissions in the DB. These permissions are
used to control whether a portlet can be added to a page using the
customizer. This is a global specification.
2. Fragment level SecurityConstraints can be specified to control
visibility of portlets in a page. These settings are local to a page only.
There is a JIRA issue open against this:
https://issues.apache.org/jira/browse/JS2-354. Feel free to comment.
Randy
Michael Gustav Simon wrote:
> Hello j2-users,
> i cannot found a solution to set security constraint on portlet level.
> Security constraint can be set for page level.
> <security-constraints>
> <security-constraint>
> <roles>member</roles>
> <permissions>view</permissions>
> </security-constraint>
> <security-constraint>
> <roles>manager</roles>
> <permissions>edit</permissions>
> </security-constraint>
> </security-constraints>
> For a member the portlets will be in the view mode only.
> User with the role manager can change to the editmode the displayed
> portlets.
> I found the following description in the book "Portlets and Apache Portals":
>
>> Constraints work with principals (role, user, and group) and permissions.
>>
> Permissions are actions
>
>> provided by the portal implementation. Jetspeed-2 follows the portlet
>>
> specification, providing
>
>> permissions to mirror the default portlet modes: view, edit, and help. The
>>
> constraint shown in
>
>> Listing 12.10 constrains access to the default page for members by
>>
> granting the view permission
>
>> to users with the role member, and granting the edit permission to users
>>
> with the role manager.
>
>> Similarly, constraints can also be applied to pages and portlets.
>>
>
> __constraints can also be applied to pages and portlets__
>
>
> How do I can set a security constraint to a portlet?
> The user should be able to add, view and configure portlets with an
> associated role only!
> Anyone an idea?
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org