4 Replies Latest reply on Apr 30, 2007 9:35 AM by jgilbert

    PageCustomizerInterceptor not restricting tabs based on role

    jgilbert

      Looking at the PageCustomizerInterceptor class it performs security checks before rendering tabs but it does not seem to be working. JACCPortalAuthorizationManager is always returning true for checkPermission.

      I'm fairly certain that I have setup my security constraints properly in my *-object.xml file because when i click on a tab i get the right security message.

      Any ideas what is going wrong?

       <security-constraint>
       <policy-permission>
       <role-name>MyRole</role-name>
       <action-name>view</action-name>
       <action-name>viewrecursive</action-name>
       <action-name>personalizerecursive</action-name>
       </policy-permission>
       </security-constraint>