You are viewing a plain text version of this content. The canonical link for it is here.
Posted to pluto-dev@portals.apache.org by pl...@jakarta.apache.org on 2004/07/30 20:51:40 UTC
[jira] Resolved: (PLUTO-46) PortletRequestImpl: isUserInRole(role) must use aliased role-name in portlet.xml

Message:

   The following issue has been resolved as FIXED.

   Resolver: David DeWolf
       Date: Fri, 30 Jul 2004 11:50 AM

Implmented in similar fassion as requested.  Additionally added additional page in testsuite to test security info like this.
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/PLUTO-46

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: PLUTO-46
    Summary: PortletRequestImpl: isUserInRole(role)  must use aliased role-name in portlet.xml
       Type: Bug

     Status: Resolved
 Resolution: FIXED

    Project: Pluto
 Components: 
             portlet container
   Fix Fors:
             Current CVS
   Versions:
             Current CVS

   Assignee: David DeWolf
   Reporter: FrÃ©dÃ©ric Arnoud

    Created: Fri, 30 Apr 2004 10:36 AM
    Updated: Fri, 30 Jul 2004 11:50 AM
Environment: Operating System: Other
Platform: Other

Description:
Method isUserInRole(String) of class 
org.apache.pluto.core.impl.PortletRequestImpl must use the security role
reference mapping defined in portlet.xml (spec. jsr168 PLT.20.3).

I propose this new method for the implementation:

BEGIN ====================================================== 
    public boolean isUserInRole(String roleName)
    {
    	boolean userInRole = false; 
		SecurityRoleRef securityRoleRef = portletWindow.getPortletEntity
().getPortletDefinition().getInitSecurityRoleRefSet().get(roleName);
		/*
		 * PLT.20.3: 
		 *   "... A security-role-ref element MUST be declared by the 
portlet
		 *    in deployment descriptor with a role-name sub-element 
containing 
		 *    the role-name to be passed to the method." 
		 */
		if ( securityRoleRef != null )
		{
    		String roleLink = securityRoleRef.getRoleLink();
	    	if (roleLink == null)
	    	{
	    		/*  "If the security-role-ref element does not define a 
role-link element,
	    		 *   the container must default to checking the role-
name element argument
	    		 *   against the list of security-role elements defined 
in the web.xml 
	    		 *   deployment descriptor of the portlet application."
	    		 */
	    		roleLink = roleName;
	    	} 
			userInRole = this._getHttpServletRequest().isUserInRole
(roleLink);
		}
		return userInRole;
    }
END ====================================================== 

Regards, 
Fred. Arnoud


---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira