Ate Douma wrote:
Randy Watler wrote:
Doug,
Portlet level security constraints are apparently the responsibility of the portlet writer to implement, so the portal and portlet container will always display the portlet. We just received clarification on this from the pluto mail list:
http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261&msgNo=2160
One small correction: only the portlet container should not enforce security constraints according to the portlet specification. The portal can, as Randy showed in the example below.
Another solution would be to use security constraints on a page, restricting
(certain type of) access to only certain users, roles or groups.
Just to be clear, I think Doug is trying to control access by role at the page level but wants finer grain control over portlet in the page. This is not available now, so I was proposing he try controlling acess to two different pages with appropriate portlet subsets via the profiler.
Furthermore, this should not only be possible on page level but even on (psml) fragment level, but that isn't yet implemented I think (Randy?).
This is not implemented in M1.
If (when) it is, you can simply restrict certain parts of a page to certain
users, groups and/or roles.
Well, David and I discussed this just before M1 was released. I actually had it implemented on the fragment level, but we figured that the portlet security constraints would be sufficient/conflicting, so we removed it. However, we did not have the Pluto ruling then. So, we'll have to revist this for M2. I'll add it to my "to-do" list.
So, one way to achieve what you are after is to use the profiler. When the user is not logged in, they are known as 'guest'. By default, users are profiled using the 'j1' rule. This all boils down to the fact that unauthenticated users can be directed to pages placed in the ".../WEB-INF/pages/_user/guest" directory. Place your stripped down version of your pages in this 'guest' directory, (without your role security), and then secure all the rest of the pages in your site by role.
HTH,
Randy
Doug Schnelzer wrote:
I've been working through this thread. It's very helpful. Thanks to Marina
and Randy for providing some good documentation here. As I have worked
through this, I have a follow up question...
Is there a way in a psml file or in one of the deployment descriptors to
require a role before displaying "some" of the portlets on a page? I want
to modify the default page so that only the login portlet is visible until a
user logs in. If I make the entire page require a role, then I can't log in
to establish my identity.
Thanks, Doug
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
