Hi mageshbk,
can you restate above 3 points with respect to jboss portal 2.6.1.
have things changed ? Especially role-based declarative security for portlets ?
thanks
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4079924#4079924
Reply to the post :
The question was about declarative security *from the spec*, the spec hasn't
change.
Declarative security for portlet instance, and portal objects exist since the
beginning in JBoss Portal.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4079990#4079990
Reply
Please find my answers inline:
1) There is no role-based declarative security for portlets defined by
portlet spec.
Yes
2) For local portlets in JBoss Portal it is solved by securing portlet
instances.
Yes
3) For WSRP, JBoss Portal has no solution currently. Neither propagation of
a User
Hi Julien,
just to summarize your answer and to verify if I understood you correctly
1) There is no role-based declarative security for portlets defined by portlet
spec.
2) For local portlets in JBoss Portal it is solved by securing portlet
instances.
3) For WSRP, JBoss Portal has no solution
Hi,
first portlets are not bound to URLs so they cannot be secured via web.xml. The
only thing done in relation with the servlet world is that the user
authenticated against the portal servlet and when he access a portlet (in the
local case) the request user principal and the roles are
