You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "David Sean Taylor (JIRA)" <je...@portals.apache.org> on 2007/01/25 00:26:49 UTC

[jira] Created: (JS2-645) Portlet Security Constraints

Portlet Security Constraints
----------------------------

                 Key: JS2-645
                 URL: https://issues.apache.org/jira/browse/JS2-645
             Project: Jetspeed 2
          Issue Type: New Feature
          Components: Security
    Affects Versions: 2.1-dev
            Reporter: David Sean Taylor
         Assigned To: David Sean Taylor
             Fix For: 2.1-dev


Implement declarative portlet security constraints ("Security at the portlet level") feature. 
In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
The portal will hold a direct relationship between a portlet and a security-constraint-definition.

Security Constraints are not Java Security Permissions, but a  Jetspeed specific way of securing portlets, also known as PSML constraints.
See the <i>page.security</i> file for examples of defining security constraint definitions.
If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
If the portlet application does not define a constraint, then no security constraints will be applied to this portlet. 
Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.

The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references

Example:

jetspeed-portlet.xml:

<portlet-app id="demo" version="1.0"
...
   <security-ref>public-edit</security-ref>
...
 <portlet>
        <portlet-name>PickANumberPortlet</portlet-name>
        <security-ref>public-edit</security-ref>
</portlet>



-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Resolved: (JS2-645) Portlet Security Constraints

Posted by "David Sean Taylor (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Sean Taylor resolved JS2-645.
-----------------------------------

    Resolution: Fixed

I have been testing this feature for a few weeks now. 

> Portlet Security Constraints
> ----------------------------
>
>                 Key: JS2-645
>                 URL: https://issues.apache.org/jira/browse/JS2-645
>             Project: Jetspeed 2
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 2.1-dev
>            Reporter: David Sean Taylor
>         Assigned To: David Sean Taylor
>             Fix For: 2.1-dev
>
>
> Implement declarative portlet security constraints ("Security at the portlet level") feature. 
> In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
> The portal will hold a direct relationship between a portlet and a security-constraint-definition.
> Security Constraints are not Java Security Permissions, but a  Jetspeed specific way of securing portlets, also known as PSML constraints.
> See the <i>page.security</i> file for examples of defining security constraint definitions.
> If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
> If the portlet application does not define a constraint, then no security constraints will be applied to this portlet. 
> Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.
> The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references
> Example:
> jetspeed-portlet.xml:
> <portlet-app id="demo" version="1.0"
> ...
>    <security-ref>public-edit</security-ref>
> ...
>  <portlet>
>         <portlet-name>PickANumberPortlet</portlet-name>
>         <security-ref>public-edit</security-ref>
> </portlet>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org