You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Michael Gustav Simon <mg...@gmail.com> on 2006/01/23 13:04:56 UTC

portlet level security constraint

Hello j2-users,
i cannot found a solution to set security constraint on portlet level.
Security constraint can be set for page level.
<security-constraints>
 <security-constraint>
  <roles>member</roles>
  <permissions>view</permissions>
 </security-constraint>
 <security-constraint>
  <roles>manager</roles>
  <permissions>edit</permissions>
 </security-constraint>
</security-constraints>
For a member the portlets will be in the view mode only.
User with the role manager can change to the editmode the displayed
portlets.
I found the following description in the book "Portlets and Apache Portals":
> Constraints work with principals (role, user, and group) and permissions.
Permissions are actions
> provided by the portal implementation. Jetspeed-2 follows the portlet
specification, providing
> permissions to mirror the default portlet modes: view, edit, and help. The
constraint shown in
> Listing 12.10 constrains access to the default page for members by
granting the view permission
> to users with the role member, and granting the edit permission to users
with the role manager.
> Similarly, constraints can also be applied to pages and portlets.

__constraints can also be applied to pages and portlets__


How do I can set a security constraint to a portlet?
The user should be able to add, view and configure portlets with an
associated role only!
Anyone an idea?

Re: portlet level security constraint

Posted by Randy Watler <wa...@wispertel.net>.

Michael,

This is a work in progress... here is how it is done at a high level:

1. One can specify PortletPermissions in the DB. These permissions are 
used to control whether a portlet can be added to a page using the 
customizer. This is a global specification.

2. Fragment level SecurityConstraints can be specified to control 
visibility of portlets in a page. These settings are local to a page only.

There is a JIRA issue open against this: 
https://issues.apache.org/jira/browse/JS2-354. Feel free to comment.

Randy

Michael Gustav Simon wrote:
> Hello j2-users,
> i cannot found a solution to set security constraint on portlet level.
> Security constraint can be set for page level.
> <security-constraints>
>  <security-constraint>
>   <roles>member</roles>
>   <permissions>view</permissions>
>  </security-constraint>
>  <security-constraint>
>   <roles>manager</roles>
>   <permissions>edit</permissions>
>  </security-constraint>
> </security-constraints>
> For a member the portlets will be in the view mode only.
> User with the role manager can change to the editmode the displayed
> portlets.
> I found the following description in the book "Portlets and Apache Portals":
>   
>> Constraints work with principals (role, user, and group) and permissions.
>>     
> Permissions are actions
>   
>> provided by the portal implementation. Jetspeed-2 follows the portlet
>>     
> specification, providing
>   
>> permissions to mirror the default portlet modes: view, edit, and help. The
>>     
> constraint shown in
>   
>> Listing 12.10 constrains access to the default page for members by
>>     
> granting the view permission
>   
>> to users with the role member, and granting the edit permission to users
>>     
> with the role manager.
>   
>> Similarly, constraints can also be applied to pages and portlets.
>>     
>
> __constraints can also be applied to pages and portlets__
>
>
> How do I can set a security constraint to a portlet?
> The user should be able to add, view and configure portlets with an
> associated role only!
> Anyone an idea?
>
>   


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org