[jboss-user] [JBoss Portal] - Re: Declarative Security and Portlets

Please find my answers inline: 1) There is no role-based declarative security for portlets defined by portlet spec. Yes 2) For local portlets in JBoss Portal it is solved by securing portlet instances. Yes 3) For WSRP, JBoss Portal has no solution currently. Neither propagation of a User

[jboss-user] [JBoss Portal] - Re: location URL to redirect to after signout

Basically that parameter has to be set in the PortletRequest and not in the HttpRequest. See menu.jsp fragment below: a id=logout href= | portlet:actionURL windowState=normal | portlet:param name=op value=userLogout/ | portlet:param name=locationURL value=/portal/portal/default/default/

[jboss-user] [JBossWS] - ws-security JBWS-638 - Design Notes

SecurityStore == Will no longer hold the keystore and truststore, rather will hold a reference to a JaasSecurityDomain Object. This will be used to lookup the security configuration and also to encode/decode. Since we want to make this keystore configuration available from