Unable to add security constraint to portlets
bhupeshs Jul 21, 2006 6:09 AMHi,
I am using jboss portal 2.4.0-Beta1 with Jboss4.0.4GA and MySql5.0
I am trying to add security-constraint to a portlet, but it is not getting reflected. The security-constrating to a page, however is working fine.
I tried adding security-contraint to a Window, PortletInstance and a Portlet but none of them is working.
for Portlet window, I tried something like this in myPortal-object.xml file and deployed the war, but everyone is able to access the portlet.
<deployment> <parent-ref>default.Dashboard2</parent-ref> <if-exists>overwrite</if-exists> <window> <window-name>ScheduledInterviewsWindow2</window-name> <instance-ref>KNXScheduledInterviewsInstance2</instance-ref> <default>true</default> <region>center</region> <height>0</height> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint> </window> </deployment>
I even tried it for the portlet, by adding the security-constraint in jboss-portlet.xml file
<portlet> <portlet-name>ScheduledInterviewsPortlet2</portlet-name> <security></security> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint> </portlet>
Even the security for portlet-instance is also not working.
In myPortal-objext.xml <deployment> <if-exists>overwrite</if-exists> <instance> <instance-name> KNXScheduledInterviewsInstance2 </instance-name> <component-ref> KenexaDashboard2.ScheduledInterviewsPortlet2 </component-ref> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint> </instance> </deployment> In Portlet-Instances.xml <instance> <instance-id>KNXScheduledInterviewsInstance2</instance-id> <portlet-ref>ScheduledInterviewsPortlet2</portlet-ref> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint> </instance>
I even changed the window_access_denied propery in cong/config.xml from show to hide
<entry key="core.render.window_access_denied">hide</entry>
Am I missing anything else? I even tried to do it from the management console but that didn't work either.
Any help would be greatly appreciated.
Thanks & Regards,
Bhupesh.