You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-dev@portals.apache.org by pl...@jakarta.apache.org on 2004/07/30 20:51:40 UTC
[jira] Resolved: (PLUTO-46) PortletRequestImpl: isUserInRole(role) must use aliased role-name in portlet.xml
Message:
The following issue has been resolved as FIXED.
Resolver: David DeWolf
Date: Fri, 30 Jul 2004 11:50 AM
Implmented in similar fassion as requested. Additionally added additional page in testsuite to test security info like this.
---------------------------------------------------------------------
View the issue:
http://issues.apache.org/jira/browse/PLUTO-46
Here is an overview of the issue:
---------------------------------------------------------------------
Key: PLUTO-46
Summary: PortletRequestImpl: isUserInRole(role) must use aliased role-name in portlet.xml
Type: Bug
Status: Resolved
Resolution: FIXED
Project: Pluto
Components:
portlet container
Fix Fors:
Current CVS
Versions:
Current CVS
Assignee: David DeWolf
Reporter: Frédéric Arnoud
Created: Fri, 30 Apr 2004 10:36 AM
Updated: Fri, 30 Jul 2004 11:50 AM
Environment: Operating System: Other
Platform: Other
Description:
Method isUserInRole(String) of class
org.apache.pluto.core.impl.PortletRequestImpl must use the security role
reference mapping defined in portlet.xml (spec. jsr168 PLT.20.3).
I propose this new method for the implementation:
BEGIN ======================================================
public boolean isUserInRole(String roleName)
{
boolean userInRole = false;
SecurityRoleRef securityRoleRef = portletWindow.getPortletEntity
().getPortletDefinition().getInitSecurityRoleRefSet().get(roleName);
/*
* PLT.20.3:
* "... A security-role-ref element MUST be declared by the
portlet
* in deployment descriptor with a role-name sub-element
containing
* the role-name to be passed to the method."
*/
if ( securityRoleRef != null )
{
String roleLink = securityRoleRef.getRoleLink();
if (roleLink == null)
{
/* "If the security-role-ref element does not define a
role-link element,
* the container must default to checking the role-
name element argument
* against the list of security-role elements defined
in the web.xml
* deployment descriptor of the portlet application."
*/
roleLink = roleName;
}
userInRole = this._getHttpServletRequest().isUserInRole
(roleLink);
}
return userInRole;
}
END ======================================================
Regards,
Fred. Arnoud
---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
If you want more information on JIRA, or have a bug to report see:
http://www.atlassian.com/software/jira