[ http://issues.apache.org/jira/browse/JS2-354?page=comments#action_12322810 ]
David Sean Taylor commented on JS2-354: --------------------------------------- > If either phase is to be executed, how can or should the portal communicate > the fact that access is not granted to the portlet? The portlet content could be optionally rendered with the message "Access Forbidden" However I don't think thats always the required behavior Instead I would make it optional in the aggregator configuration. The other option will be to render the portlet empty I'll look into this since Im in the middle of the aggregator refactoring this week The other issue is : should we support another way of securing access besides the policy. It could be defined in: * jetspeed-portlet.xml * PSML fragments referencing page.security constraints > Provision for portlet-level permissions > --------------------------------------- > > Key: JS2-354 > URL: http://issues.apache.org/jira/browse/JS2-354 > Project: Jetspeed 2 > Type: Improvement > Components: Security > Versions: 2.0-M4, 2.0-FINAL > Environment: Generic > Reporter: Prashanth Gujjeti > Assignee: Randy Watler > > There has been a lot of discussion on this aspect in both the developer and > user forums. Even though the portlet content can be controlled from within > the Portlet (by checking for the appropriate roles), it would be nice to > control the content from a layer above like PSML (or the RdbmsPolicy). That > gives the programmer the flexibility to modify the permissions per portlet, > and hence the content without any code change. > Since the feature has already been implemented, but just disabled (refer > David's and Randy's comments in the forums), I hope its not too much of work > to provide this feature. Sincerely appreciate your effort folks! -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
