I'm having difficulty understanding the expected behavior of the 'viewrecursive' constraint action. If I define a page with a viewrecursive security constraint, I would expect any subpages to inherit that same constraint. For example, given a deployment structure like:
<page> <page-name>A</page-name> ... <!-- page contents --> <page> <page-name>B</page-name> ... <!-- page contents --> <!-- no explicit security constraint --> </page> <security-constraint> <policy-permission> <role-name>RoleA</role-name> <action-name>viewrecursive</action-name> </policy-permission> </security-constraint> </page>
if (securityConstraints == null) { if (this instanceof PortalMetaData || this instanceof PageMetaData) { // Default is view recursive securityConstraints = new SecurityConstraintsMetaData(); RoleSecurityBinding binding = new RoleSecurityBinding(PortalObjectPermission.VIEW_RECURSIVE_ACTION, SecurityConstants.UNCHECKED_ROLE_NAME); securityConstraints.getConstraints().add(binding); } }