0 Replies Latest reply on Oct 20, 2005 11:30 PM by Bruce

    question about securing portlets in jboss-portal

    Bruce Newbie

      Question background:(1). JSR 168 specifications does not define any particular security implementation. We can get the authenticated user and its role to control security when we design a portlet. That means each portlet defines its own security mechanism.
      (2). In JBoss Portal Reference Giude, we were told securing jboss portlet with jboss-portlet.xml. We can configure permissions and assign roles. Then we can use hasPermission(String permission) method of JBossRenderRequest or JBossActionRequest to check user accessing.
      (3).At the same time, in jBoss portal, there is a permission portlet, in JBoss portal user gudie, we were told we can use this permissionPortlet to manage permissions for portlets.

      Questions:
      1. What's the differences between Jboss-portlet.xml and permissionPortlet securing mechanism? Are there any references?