1 Reply Latest reply on Jan 13, 2007 3:29 AM by theute

JBoss Portal 2.6DR security functionality Issues

swestbom Jan 12, 2007 4:56 PM

Removing permissions on a page doesn't remove it from the view shown to the end user

Removing permissions on a portlet instance within a page doesn't remove it from the view you get Access Denied in the heading and portlet. Neither of these behaviors is really very good. If there are no permissions on a page or portlet for a given role it shouldn't show.

1. Re: JBoss Portal 2.6DR security functionality Issues

theute Jan 13, 2007 3:29 AM (in response to swestbom)

Hello,

if you don't want to show access denied on a window:
See 6.2.2 in:
http://docs.jboss.org/jbportal/v2.4/reference-guide/en/html/xmldescriptors.html

CHange: core.render.window_access_denied to hide.

By default it is set for development mode, where you want to know why a window is not showing

I was not aware of the first point, do you mind checking in the alpha release that is being released and report a bug in Jira if the problem still occurs ?

Thanks !
Actions