3 Replies Latest reply on Sep 20, 2007 2:31 PM by saigon_man

Render pages based on user roles

saigon_man Sep 18, 2007 10:09 AM

Hello,
Is it possible to render the pages based on the user roles? For examples, at startup, I like to display a login page with one login portlet first. Once the user logs in, the portal should know which pages it needs to render based on that user role. How can I achieve this?

Thanks,

SGM

1. Re: Render pages based on user roles

saigon_man Sep 20, 2007 10:11 AM (in response to saigon_man)
I found the answer to this, eventhough this just satisfied part of my problem. To render the tabs/pages and/or portlets based on user's roles,

1. In *-object.xml
1.1 Under the security-constraint tag, list all possible usernames who can access to this portal

<security-constraint> <policy-permission> <role-name>User</role-name> <action-name>view</action-name> </policy-permission> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint>

1.2 Then, under each tag, you should list the name of the users who can view this page

<security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint>

The Admin username above can view all of the portlets defined for this page.

2. To restrict which portlets should be seen by this Admin user, in the portal-instances.xml, do the same security as above for each portlet instance

<deployment> <instance> <instance-id>HelloWorldPortletInstance</instance-id> <portlet-ref>HelloWorldPortlet</portlet-ref> <security-constraint> <policy-permission> <role-name>Admin</role-name> <action-name>view</action-name> </policy-permission> </security-constraint> </instance> </deployment>

With the codes above, the Admin user when he logs in that page, if there are more than one portlet besides the HelloWorldPortlet, he only sees the HelloWorldPortlet.

Hope this will help others who are looking for the same answer

SGM
Actions
2. Re: Render pages based on user roles

goks1 Sep 20, 2007 1:14 PM (in response to saigon_man)

SGM
Any idea if this role-level access to portlets can be setup at a more granular user-level. Making it role-based like you have illustrated can be achieved declaratively since roles do not get added that often. However, user-level access can be implemented only through a more dynamic database or LDAP lookup I believe. Say for example I have two users in my system both of who are mapped to the Admin-role. However, I want to restrict one of the admins from viewing certain portlets. One may think that creating a new role is the option. Fair enough if the role were only "Admin" because no. of admins usually is limited but the moment you want to implement it for role "User" the solution does not scale.
Any thoughts on how one can achieve this ?
Actions
3. Re: Render pages based on user roles

saigon_man Sep 20, 2007 2:31 PM (in response to saigon_man)

It sounds like you want two users with the same role be able to see different portlets. I don't know if you'll be able to do this since you need to state the portlets and its users upfront in the *-object.xml
Would there be a profile setup option for each user existing in Jboss portal? If there is, that's something you should look at. If you do find this, let me know because I am interest in this as well

SGM
Actions

Go to original post