Portlet Security Constraints
----------------------------
Key: JS2-645
URL: https://issues.apache.org/jira/browse/JS2-645
Project: Jetspeed 2
Issue Type: New Feature
Components: Security
Affects Versions: 2.1-dev
Reporter: David Sean Taylor
Assigned To: David Sean Taylor
Fix For: 2.1-dev
Implement declarative portlet security constraints ("Security at the portlet
level") feature.
In Jetspeed 2.0, you can only define security permissions for a portlet. You
cannot define security constraints for a portlet.
The portal will hold a direct relationship between a portlet and a
security-constraint-definition.
Security Constraints are not Java Security Permissions, but a Jetspeed
specific way of securing portlets, also known as PSML constraints.
See the <i>page.security</i> file for examples of defining security constraint
definitions.
If a Jetspeed Security Constraint is not defined for a portlet, the constraint
applied will then fallback to the constraint defined for the portlet
application.
If the portlet application does not define a constraint, then no security
constraints will be applied to this portlet.
Security constraints for a portlet are normally checking during the render
process of a portlet and will be applied to all pipelines.
The constraints will be defined in the jetspeed-portlet.xml deployment
descriptor, holding a named security constraint references
Example:
jetspeed-portlet.xml:
<portlet-app id="demo" version="1.0"
...
<security-ref>public-edit</security-ref>
...
<portlet>
<portlet-name>PickANumberPortlet</portlet-name>
<security-ref>public-edit</security-ref>
</portlet>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
