2 Replies Latest reply on Jul 17, 2007 8:01 AM by brownfielda

    Expanded Programmatic Security

    brownfielda

      I'm attempting to write a portlet that has some additional internal security features. The overall goal will be to allow selected access to MBeans on a remote server (for the time being the goal is to restart foreign JVMs on a WAS 5.1 AS).

      At any rate, I was hoping to make the security checks internal to the portlet based on a user's JBP roles. In doing so, I have set up portlet.xml with the following:

      . . .
      <security-role-ref>
       <role-name>MyPortletUser</role-name>
       <role-link>User</role-link>
      </security-role-ref>
      <security-role-ref>
       <role-name>MyPortletAdmin</role-name>
       <role-link>Admin</role-link>
      </security-role-ref>
      . . .


      With this setup, I can programmatically check if a user is part of a particular group with isUserInRole() for either of the two listed roles. My curiosity is if the roles that I use inside the portlet are strictly defined by the contents of this descriptor.

      Would it be possible to test against some other role-name, without editing the descriptor?
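An added example, not part of the original post and not JBoss Portal code: one way to enforce the two role names declared in the portlet.xml fragment above inside the portlet, with the check made in processAction as well as in doView. The class name, the "target" parameter, its validation pattern and the restartRemoteJvm hook are assumptions for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;
import javax.portlet.PortletSecurityException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

// Role names are the <role-name> values from the security-role-ref entries above.
// Abstract on purpose: a concrete subclass (the one named in portlet.xml) supplies the MBean call.
public abstract class RestartPortlet extends GenericPortlet {
    private static final String ROLE_USER = "MyPortletUser";
    private static final String ROLE_ADMIN = "MyPortletAdmin";

    // Enforce in the action phase; hiding the control in doView is not an access check.
    public void processAction(ActionRequest request, ActionResponse response)
            throws PortletException, IOException {
        if (!request.isUserInRole(ROLE_ADMIN)) {
            throw new PortletSecurityException("restart requires " + ROLE_ADMIN);
        }
        String target = request.getParameter("target"); // hypothetical parameter name
        if (target == null || !target.matches("[A-Za-z0-9_.-]{1,64}")) {
            throw new PortletException("invalid target");
        }
        // Audit trail: who asked for which restart.
        getPortletContext().log("restart of " + target
                + " requested by " + request.getRemoteUser());
        restartRemoteJvm(target);
        response.setRenderParameter("status", "requested");
    }

    // The view only decides what to show; it grants nothing by itself.
    protected void doView(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        if (request.isUserInRole(ROLE_ADMIN)) {
            out.println("<p>Restart controls available.</p>");
        } else if (request.isUserInRole(ROLE_USER)) {
            out.println("<p>Read-only status view.</p>");
        } else {
            out.println("<p>Not authorized.</p>");
        }
    }

    // Hypothetical hook: the remote MBean invocation is outside the scope of this example.
    protected abstract void restartRemoteJvm(String target) throws PortletException;
}
```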