-
1. Re: How to link Gatein security roles to portlet roles
infoni Sep 7, 2011 3:32 PM (in response to infoni)
So nobody knows how we can link Gatein security roles to portlet roles? I wouldn't like to open a new JIRA issue if I just stupidly missed a specific configuration file :/
I ask a last time before JIRA
In simpler steps:
0/ declare a role in web.xml:
    <security-role>
        <description>Managers description</description>
        <role-name>manager</role-name>
    </security-role>
1/ declare a role in portlet.xml:
    <security-role-ref>
        <role-name>manager</role-name>
        <role-link>manager</role-link>
    </security-role-ref>
2/ In Gatein Portlet Administration UI: set [manager] role on your portlet for root group "/platform/administrators"
3/ In any portlet JSP page, logged in as root: renderRequest.isUserInRole("manager") returns false whereas it should return true
-
2. Re: How to link Gatein security roles to portlet roles
mposolda Sep 8, 2011 2:02 AM (in response to infoni)
Hi,
It seems there is a little confusion. "member", "manager" and "validator" are membership types, while "/platform/administrators" and "/platform/users" are groups. A group, a membership type and a user together create a membership. So a membership means "user john is manager of group /platform/administrators".
Portlet roles and web j2ee roles are taken from groups, not from membership types. There is a special component called RolesExtractor, which is used for this mapping. In your case, users from "/platform/administrators" are mapped to the role "administrators", not to the role "manager".
More info about RolesExtractor and GateIn identity is here: http://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ, especially Q3. Other useful information is in the GateIn reference guide.
Hope this helps,
Marek
-
3. Re: How to link Gatein security roles to portlet roles
infoni Sep 9, 2011 11:19 AM (in response to infoni)
Marek,
thank you very much for your answer.
I replaced in portlet.xml my previous code with:
    <security-role-ref>
        <role-name>administrator</role-name>
        <role-link>administrators</role-link>
    </security-role-ref>
    <security-role-ref>
        <role-name>standard</role-name>
        <role-link>users</role-link>
    </security-role-ref>
and indeed it works, the administrator and standard roles are now recognized in my portlet application! I also created a new /platform/powerusers group, and then portlet power users are recognized too. I believed portlet roles were mapped with memberships, not with groups.
thanks a lot
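
Added example, not part of the original thread and not GateIn code: a small Python model of the mapping discussed above, showing why isUserInRole("manager") returned false with the first portlet.xml and why the corrected role-link values work. Assumptions: the role name is the last segment of the group id (consistent with the /platform/administrators, /platform/users and /platform/powerusers cases in the thread), role names without a security-role-ref are denied, and the memberships and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample data: (user, membership type, group) triples.
MEMBERSHIPS = [
    ("root", "manager", "/platform/administrators"),
    ("root", "member", "/platform/users"),
    ("john", "member", "/platform/users"),
]

# The two portlet.xml fragments from the thread, wrapped in a <portlet> element.
BEFORE = """<portlet>
  <security-role-ref><role-name>manager</role-name><role-link>manager</role-link></security-role-ref>
</portlet>"""
AFTER = """<portlet>
  <security-role-ref><role-name>administrator</role-name><role-link>administrators</role-link></security-role-ref>
  <security-role-ref><role-name>standard</role-name><role-link>users</role-link></security-role-ref>
</portlet>"""


def container_roles(user, memberships=MEMBERSHIPS):
    """Roles come from the group only; the membership type is ignored.
    Assumption: the role name is the last segment of the group id."""
    return {group.rstrip("/").rsplit("/", 1)[-1]
            for u, _mtype, group in memberships if u == user}


def role_links(portlet_xml):
    """Map each portlet-local role-name to the container role it links to."""
    links = {}
    for ref in ET.fromstring(portlet_xml).iter("security-role-ref"):
        name = ref.findtext("role-name").strip()
        # A missing or empty role-link falls back to the role-name itself.
        links[name] = (ref.findtext("role-link") or name).strip()
    return links


def is_user_in_role(user, role_name, portlet_xml, memberships=MEMBERSHIPS):
    """Model of renderRequest.isUserInRole(role_name) for this portlet."""
    link = role_links(portlet_xml).get(role_name)
    # Model choice: a name with no security-role-ref is denied.
    return link is not None and link in container_roles(user, memberships)
```

Because the membership type plays no part in the mapping, a plain "member" of /platform/administrators receives the same "administrators" role as a "manager" of that group, which matters when a portlet uses the role to gate privileged actions.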