You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Michael Gustav Simon <mg...@gmail.com> on 2006/01/20 15:27:04 UTC

PorletPermission

Hello,
I do not understand the permission for portlets!

If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
Selector") for in the customization page.

The portlet "Portlet Selector" will filter the portlets with the following
code-snippet.

(PortletSelector.java)
...
if (permissionManager.checkPermission(subject,
  new PortletPermission(portlet.getUniqueName(),
  SecuredResource.VIEW_ACTION, subject )))
{
  list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
portlet.getDescriptionText(locale)));
}
...

Why is this portlet selectable?

greets,
mgsimon

Re: PorletPermission

Posted by Michael Gustav Simon <mg...@gmail.com>.

OK, but how i can associate the PortletPermission to a role.
I want to filter the selectable portlets in the portlet selector.
For ex. only an user with the role "customer" can add the portlet "myoders"
to the page.

Re: PorletPermission

Posted by David Sean Taylor <da...@bluesunrise.com>.

Michael Gustav Simon wrote:
> Hello,
> I do not understand the permission for portlets!
> 
> If I set a role (ex. admin) to a portlet (ex. Helloworld Portlet Wrapper) in
> the "Root Folder >> Jetspeed Administrative Portlets >> Portlet Application
> Manager" / "Portlet Application Detail" tab "Portlets" subtab "Security" and
> relogin with an user (ex. user), the portlet can selected (portlet: "Portlet
> Selector") for in the customization page.
> 
I think this is a great idea, but its NOT where portlet permissions are 
configured. Unfortunately there is not a connection between this admin 
portlet and the security policy that holds portlet permissions.

You need to set portlet permissions in the database, such as in the seed 
data:

INSERT INTO SECURITY_PERMISSION 
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view, 
edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');


> The portlet "Portlet Selector" will filter the portlets with the following
> code-snippet.
> 
yes

> (PortletSelector.java)
> ...
> if (permissionManager.checkPermission(subject,
>   new PortletPermission(portlet.getUniqueName(),
>   SecuredResource.VIEW_ACTION, subject )))
> {
>   list.add(new PortletInfo(uniqueName, portlet.getDisplayNameText(locale),
> portlet.getDescriptionText(locale)));
> }
> ...
> 
> Why is this portlet selectable?
> 
Im not sure if I understand that question...

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org