Portal Security Implementation
Framework
Also an authorization framework will exist in portal security that portlet writers (as well as the portal core) can utilize to check for access to various actions to various portal resources, widgets etc. The first implementation of this framework will be based on JACC .
Here is the pictorial representation of the Authorization Framework.
Permission Model
There is a two dimensional permission hierarchy that needs to be studied for portal security. On one dimension is the portal resource permission and the other dimension is the action. As an example, consider the permission for "Context" on one dimension and the action "view" on the other dimension, an intersection of these provides us the "View Permission for a context". Pictorially, a portion of this hierarchy is depicted in the following diagram:
Explanation: The ViewRecursive action follows the xxxRecursive action pattern where xxx is any action (create, delete, view etc). This xxxRecursive action is a special action that gives access rights for that particular action, to all the children portal resources in the hierarchy. For example, if the Context permission if provided to an user with the "ViewRecursive" action, then he has view permission to all the portal/pages/windows/instances/portlets in the context. Similarly a "DeleteRecursive" action privilege is provided to an user at the Portal level, then the user has delete privileges to all the pages, windows, instances, portlets contained in the "portal".
Comments