-
1. Re: authorisation facilities access from within portlet
theute Jan 11, 2007 5:33 AM (in response to radzish)Hello.
you can check the permission on a role by using the request.isUserInRole("myRole")
It would return true if the user has the role "myRole".
Would that be enough for you ?
(if you define new roles other than "user" and "admin" you need to define them in portlet.xml so that it can work. See the JSR 168 specifications for more details.)
I hope this will help. -
2. Re: authorisation facilities access from within portlet
radzish Jan 11, 2007 6:43 AM (in response to radzish)Thank you for answer.
Unfortunatelly it is not enough for me. The problem is that I need to check permission of the current user for any PortalObjectNode instance from within my portlet (my custom navigation portlet).
Of course, I can invent my own security-role property of page/window and getting it from my portlet and then check permissions using isUserInRole functionality, but i would not like to reinnvent the wheel.
I believe that I can achieve my goal in the same way as it was implemented in org.jboss.portal.core.aspects.controller.PageCustomizerInterceptor.injectTabbedNav()
Bu, PageCustomizer has access to PortalAuthorizationManagerFactory, thus to PortalAuthorizationManager for permission checking.
From within portlet I had retrieved this factory using following:PortalAuthorizationManagerFactory pamf = (PortalAuthorizationManagerFactory) JMX.getMBeanProxy(PortalAuthorizationManagerFactory.class, "portal:service=PortalAuthorizationManagerFactory");
Factory and Manager seemed like got OK, but when I use checkPermission() method of the Manager,
org.hibernate.HibernateException: Unable to locate current JTA transaction
exception is thrown.
Do you have any ideas? -
3. Re: authorisation facilities access from within portlet
radzish Jan 11, 2007 8:35 AM (in response to radzish)I have just found sollution!
I injected PortalAuthorizationManagerFactory service into my navigation portlet in jboss-portlet.xml like following:
<service-name>AMF</service-name>
<service-class>org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory</service-class>
<service-ref>:service=PortalAuthorizationManagerFactory</service-ref>
and then get the service from portlet context attribute with name "AMF"
This seems to be the most proper way to access jboss portal services and works fine with no exceptions now. -
4. Re: authorisation facilities access from within portlet
julien1 Jan 11, 2007 9:21 AM (in response to radzish)Actually yes, you are right.
Could you add this to our wiki for other users ? -
5. Re: authorisation facilities access from within portlet
antoine_h Apr 17, 2007 4:27 AM (in response to radzish)Yes, wiki would be good.
but if I understood well, the wiki subject must be created by a jboss user, no ?
=> how to create a subject ? I did not find it (for other contribution, before).
by the way, as you have declared the pamf service in the portlet description (jboss-portlet.xml), you can then retrieve it with :PortalAuthorizationManagerFactory pamf = (PortalAuthorizationManagerFactory) getPortletContext().getAttribute("AMF");
more direct... no ? -
6. Re: authorisation facilities access from within portlet
theute Apr 17, 2007 5:12 AM (in response to radzish)To create a new wiki page, just reference it from another page, then you will get a ? to click on.
Or:
Go to something like:
http://wiki.jboss.org/wiki/Wiki.jsp?page=MyWikiPage
replace MyWikiPage by anything. Then reference it from other pages.