We are in the process of trying to integrate Jetspeed2 with OpenSSO for both Authentication (SSO) and Authorization. We have been successful in the authentication piece, but I have not been able to figure out how to switch out the authorization piece.
We are trying to get Jetspeed2 to delegate authorization checks for a portlet action (View, Configure etc.) to OpenSSO before the portlet is rendered on the page. In the process of analyzing the code, I was able to make certain changes to the org.apache.jetspeed.security.impl.SecurityAccessControllerImpl class in the checkPortletAccess() method. This however, causes the portlet to be visible or not visible while adding it to the page. Once the portlet is added to the page, control no longer comes to this method. Which means that access to the portlet cannot be turned off in openSSO. I have a feeling that I am barking up the wrong tree here. Could anyone point me in the right direction to look? --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
