You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2007/01/25 00:26:49 UTC
[jira] Created: (JS2-645) Portlet Security Constraints
Portlet Security Constraints
----------------------------
Key: JS2-645
URL: https://issues.apache.org/jira/browse/JS2-645
Project: Jetspeed 2
Issue Type: New Feature
Components: Security
Affects Versions: 2.1-dev
Reporter: David Sean Taylor
Assigned To: David Sean Taylor
Fix For: 2.1-dev
Implement declarative portlet security constraints ("Security at the portlet level") feature.
In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
The portal will hold a direct relationship between a portlet and a security-constraint-definition.
Security Constraints are not Java Security Permissions, but a Jetspeed specific way of securing portlets, also known as PSML constraints.
See the <i>page.security</i> file for examples of defining security constraint definitions.
If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
If the portlet application does not define a constraint, then no security constraints will be applied to this portlet.
Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.
The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references
Example:
jetspeed-portlet.xml:
<portlet-app id="demo" version="1.0"
...
<security-ref>public-edit</security-ref>
...
<portlet>
<portlet-name>PickANumberPortlet</portlet-name>
<security-ref>public-edit</security-ref>
</portlet>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
[jira] Resolved: (JS2-645) Portlet Security Constraints
Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
[ https://issues.apache.org/jira/browse/JS2-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Sean Taylor resolved JS2-645.
-----------------------------------
Resolution: Fixed
I have been testing this feature for a few weeks now.
> Portlet Security Constraints
> ----------------------------
>
> Key: JS2-645
> URL: https://issues.apache.org/jira/browse/JS2-645
> Project: Jetspeed 2
> Issue Type: New Feature
> Components: Security
> Affects Versions: 2.1-dev
> Reporter: David Sean Taylor
> Assigned To: David Sean Taylor
> Fix For: 2.1-dev
>
>
> Implement declarative portlet security constraints ("Security at the portlet level") feature.
> In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
> The portal will hold a direct relationship between a portlet and a security-constraint-definition.
> Security Constraints are not Java Security Permissions, but a Jetspeed specific way of securing portlets, also known as PSML constraints.
> See the <i>page.security</i> file for examples of defining security constraint definitions.
> If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
> If the portlet application does not define a constraint, then no security constraints will be applied to this portlet.
> Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.
> The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references
> Example:
> jetspeed-portlet.xml:
> <portlet-app id="demo" version="1.0"
> ...
> <security-ref>public-edit</security-ref>
> ...
> <portlet>
> <portlet-name>PickANumberPortlet</portlet-name>
> <security-ref>public-edit</security-ref>
> </portlet>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org