4 Replies Latest reply on Jan 4, 2007 4:11 PM by mat.lowery

    How to unsecure a portal page

    mat.lowery

      Environment:
      JBoss Portal/AS Version: Downloaded JBoss Portal + JBoss AS 2.4
      OS Platform: Windows XP
      Java: 1.4.2_12

      Problem:
      I want to remove the security on (or "unsecure") certain portal pages that I've created. In other words, how do I get rid of You must login before you can view this.Click here message that appears in each portlet window?

      Basically, I want a node and its children to be accessible by everyone, even those who have not yet logged in.

      Additional item:
      I've tried every permutation of security settings that I can think of. I usually delete the server/default/data directory of the server between app server restarts.

        • 1. Re: How to unsecure a portal page
          peterj

          Hmm, this is a fairly unusual request. By default, your portlets should be visible by everyone. That is, as long as you did not specify any security settings in the *-object.xml and portlet-instances.xml files.

          Did you create a new portal or are you using default? If you are using default, did you create new pages or add your portlets to the default page?

          I will assume you created a new portal. You can try this. In the Management Portlet, select the portal, click on Security, and for Unchecked select viewrecursive. Do the same for the pages in the portal. Finally, click on Instances at the top of the Management Portlet, scroll down the list to view one of your portlet instances, click on the instance link (not on the portlet link!) and then click on Security. Make sure that the role Unchecked is set to view and no other roles are set. (Wish I could show you all of that visually.)


          You can also look at how security is set up for the default portal for hints on how to set up security.

          • 2. Re: How to unsecure a portal page
            mat.lowery

            Thanks for the reply!

            Using the Management portlet yielded mixed results. I ended up making the portlets disappear altogether! Besides, my goal is to get the config files (portlet.xml, portlet-instances.xml, and *-object.xml) to where they completely specify the configuration without needing to use the Management portlet.

            To clarify the objects to which I've applied security, I've specified security settings for both a new portal of my own and on new pages within the default portal. Neither of them seem to work as I expect.

            As a simple test, I removed all security constraints in portal-instances.xml and *-object.xml, deployed those files, deleted the data, log, tmp, work directories, and started the server. But every portlet has the You must login before you can view this.Click here message! I really don't understand.

            Every object is set to

            <if-exists>overwrite</if-exists>


            Hopefully what I meant by "unsecure" is clearer. I don't want to have to login to see the content of any particular portlet. Note that at one point, I had them "unsecured." But somehow I can't get back to that point.

            • 3. Re: How to unsecure a portal page
              peterj

              Try adding a security constrain to the portal definition in the *-object.xml file. Here is a suggestion, in context:

              <deployments>
               <deployment>
               <portal>
               ...
               <security-constraint>
               <policy-permission>
               <unchecked/>
               <action-name>view</action-name>
               <action-name>personalizerecursive</action-name>
               </policy-permission>
               </security-constraint>
               </portal>
               ...
               </deployment>
              </deployments>



              • 4. Re: How to unsecure a portal page
                mat.lowery

                Sorry; this problem was of my own creation--nothing to do with portal. Thanks anyway!