This content has been marked as final.
Show 6 replies
-
1. Re: Dynamic Role for portlets
patrickdalla Apr 12, 2006 2:17 PM (in response to patrickdalla)This was a problem in JBoss Portal 2.0 and persists in JBoss Portal 2.2.
More specifically in the class PortletRequestImplpublic boolean isUserInRole(String roleName) { // Get the map role name to role link Map securityRoleRefsMap = ((PortletContainer)creq.getComponent()).getSecurityRoleRefsMap(); // Process the role link String roleLink = (String)securityRoleRefsMap.get(roleName); if (roleLink == null) { if (securityRoleRefsMap.containsKey(roleName)) { // The role name exist without a role link value return securityContext.isUserInRole(roleName); } else { // No role name is defined return false; } } else { // We have the role link value return securityContext.isUserInRole(roleLink); } }
note that if the role is not in "securityRoleRefsMap" the method return false. -
2. Re: Dynamic Role for portlets
patrickdalla Apr 17, 2006 12:50 PM (in response to patrickdalla)No response? No way?
-
3. Re: Dynamic Role for portlets
cpage Apr 17, 2006 2:00 PM (in response to patrickdalla)you can add security constraints to the windows (which are link with an instance of a portlet)
then, use a roleModule to check if the user has this role. -
4. Re: Dynamic Role for portlets
patrickdalla Apr 18, 2006 2:13 PM (in response to patrickdalla)Didin't linked this implementation.
I think my portlet should be decoupled of RoleModule implementation.
I need a way that the method isUserInRole of PortletRequest works. -
5. Re: Dynamic Role for portlets
patrickdalla Apr 18, 2006 2:14 PM (in response to patrickdalla)Didn't liked this implementation.
I think my portlet should be decoupled of RoleModule interface.
I need a way that the method isUserInRole of PortletRequest works. -
6. Re: Dynamic Role for portlets
patrickdalla Apr 19, 2006 11:16 AM (in response to patrickdalla)I've utilized JaasSecurityManager for Role membership verification.
try{ InitialContext ic = new InitialContext(); jsm = (JaasSecurityManager) ic.lookup("java:jaas/portal"); }catch(Exception e){ }
But these way, my portlet will need to know the name of the JaasSecurityManager bindend for Jboss Portal.
I would like a transparent way.