[ https://issues.apache.org/jira/browse/JS2-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma updated JS2-1262:
---------------------------
    Summary: Enforced portlet level security constraints checking at render time through custom jetspeed-portlet.xml metadata  (was: Adding enforced portlet level security constraints checking at render time through custom jetspeed-portlet.xml metadata)

> Enforced portlet level security constraints checking at render time through
> custom jetspeed-portlet.xml metadata
> ---------------------------------------------------------------------------
>
>                 Key: JS2-1262
>                 URL: https://issues.apache.org/jira/browse/JS2-1262
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.2.1
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2.2
>
>
> For some administrative portlets it is required to enforce security
> constraints on portlet definition level, e.g. restrict (all) usage for
> certain admin portlets to users having admin only.
> By default, Jetspeed only enforces portlet level security constraints (see:
> http://portals.apache.org/jetspeed-2/deployguide/guide-registry.html, section
> jetspeed-portlet.xml) while adding new portlet instances to a page/fragment.
> Once a portlet has been instantiated, only the page/fragment security
> constraints are enforced.
> This default behavior can be changed globally, but has rather a high impact
> as potentially the expected behavior of existing portlet instances might
> thereby change.
> As a light-weight alternative, I will add support for an additional, portlet
> level meta data configuration through jetspeed-portlet.xml which allows
> turning this behavior on for individual portlets only.
> By adding a <js:metadata
> name="render-time.security-constraints">true</js:metadata> tag to a portlet
> configuration in jetspeed-portlet.xml, the security constraints for that
> portlet will be enforced at render time.
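An added example, not part of the JIRA message or of Jetspeed itself: a small audit that reads a jetspeed-portlet.xml and reports which portlets carrying a portlet-level constraint also set the `render-time.security-constraints` metadata described in the issue. The `js:` namespace URI and the `js:portlet` / `js:portlet-name` / `js:security-constraint-ref` layout are assumptions taken from the usual descriptor form, and the portlet and constraint names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

JS = "{http://portals.apache.org/jetspeed}"  # assumed URI for the js: prefix
FLAG = "render-time.security-constraints"    # metadata name given in the issue

# Constructed sample descriptor; portlet and constraint names are made up.
SAMPLE = """<portlet-app id="demo-admin" version="1.0"
    xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_1_0.xsd"
    xmlns:js="http://portals.apache.org/jetspeed">
  <js:portlet>
    <js:portlet-name>UserManager</js:portlet-name>
    <js:security-constraint-ref>admin</js:security-constraint-ref>
    <js:metadata name="render-time.security-constraints">true</js:metadata>
  </js:portlet>
  <js:portlet>
    <js:portlet-name>RoleManager</js:portlet-name>
    <js:security-constraint-ref>admin</js:security-constraint-ref>
  </js:portlet>
  <js:portlet>
    <js:portlet-name>GroupManager</js:portlet-name>
    <js:security-constraint-ref>admin</js:security-constraint-ref>
    <js:metadata name="render-time.security-constraints">false</js:metadata>
  </js:portlet>
</portlet-app>"""


def audit(xml_text):
    """Return {portlet-name: status} for every js:portlet entry."""
    report = {}
    for portlet in ET.fromstring(xml_text).iter(JS + "portlet"):
        name = (portlet.findtext(JS + "portlet-name") or "?").strip()
        constraint = (portlet.findtext(JS + "security-constraint-ref") or "").strip()
        enforced = any(
            m.get("name") == FLAG and (m.text or "").strip().lower() == "true"
            for m in portlet.findall(JS + "metadata")
        )
        if not constraint:
            report[name] = "unconstrained"
        elif enforced:
            report[name] = "render-time"    # constraint checked on every render
        else:
            report[name] = "add-time-only"  # default: checked only when added to a page
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```

Entries reported as `add-time-only` rely on the page/fragment constraints alone once the portlet has been instantiated, which is the gap the issue describes for admin portlets.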