7 Replies Latest reply on Apr 17, 2007 7:09 AM by antoine_h

    authorisation facilities access from within portlet

    radzish
    radzish Jan 11, 2007 5:15 AM

      Hi All!

      I use JBoss Portal 2.6.0 Developer Release 1

      I am developing custom navigation portlet and I need to check permission of current user for particular page in order to display/not-to-display it in my navigation control.

      Can you tell me please, how can I do this (check permission).

      I see that this fucntionality can be implemented using PortalAuthorizationManagerFactory, but how can I obtain it from within portlet?

      Thanks in advance.

      • 3026 Views
      • Tags:
        • 1. Re: authorisation facilities access from within portlet
          theute
          theute Jan 11, 2007 5:33 AM (in response to radzish)

          Hello.

          you can check the permission on a role by using the request.isUserInRole("myRole")

          It would return true if the user has the role "myRole".

          Would that be enough for you ?

          (if you define new roles other than "user" and "admin" you need to define them in portlet.xml so that it can work. See the JSR 168 specifications for more details.)

          I hope this will help.

            • Actions
          • 2. Re: authorisation facilities access from within portlet
            radzish
            radzish Jan 11, 2007 6:43 AM (in response to radzish)

            Thank you for answer.
            Unfortunatelly it is not enough for me. The problem is that I need to check permission of the current user for any PortalObjectNode instance from within my portlet (my custom navigation portlet).

            Of course, I can invent my own security-role property of page/window and getting it from my portlet and then check permissions using isUserInRole functionality, but i would not like to reinnvent the wheel.

            I believe that I can achieve my goal in the same way as it was implemented in org.jboss.portal.core.aspects.controller.PageCustomizerInterceptor.injectTabbedNav()

            Bu, PageCustomizer has access to PortalAuthorizationManagerFactory, thus to PortalAuthorizationManager for permission checking.

            From within portlet I had retrieved this factory using following:

            PortalAuthorizationManagerFactory pamf = (PortalAuthorizationManagerFactory) JMX.getMBeanProxy(PortalAuthorizationManagerFactory.class, "portal:service=PortalAuthorizationManagerFactory");


            Factory and Manager seemed like got OK, but when I use checkPermission() method of the Manager,
            org.hibernate.HibernateException: Unable to locate current JTA transaction
            exception is thrown.

            Do you have any ideas?

              • Actions
            • 3. Re: authorisation facilities access from within portlet
              radzish
              radzish Jan 11, 2007 8:35 AM (in response to radzish)

              I have just found sollution!

              I injected PortalAuthorizationManagerFactory service into my navigation portlet in jboss-portlet.xml like following:


              <service-name>AMF</service-name>
              <service-class>org.jboss.portal.security.spi.auth.PortalAuthorizationManagerFactory</service-class>
              <service-ref>:service=PortalAuthorizationManagerFactory</service-ref>


              and then get the service from portlet context attribute with name "AMF"

              This seems to be the most proper way to access jboss portal services and works fine with no exceptions now.

                • Actions
              • 4. Re: authorisation facilities access from within portlet
                julien1 Jan 11, 2007 9:21 AM (in response to radzish)

                Actually yes, you are right.

                Could you add this to our wiki for other users ?

                  • Actions
                • 5. Re: authorisation facilities access from within portlet
                  antoine_h
                  antoine_h Apr 17, 2007 4:27 AM (in response to radzish)

                  Yes, wiki would be good.
                  but if I understood well, the wiki subject must be created by a jboss user, no ?
                  => how to create a subject ? I did not find it (for other contribution, before).

                  by the way, as you have declared the pamf service in the portlet description (jboss-portlet.xml), you can then retrieve it with :

                  PortalAuthorizationManagerFactory pamf = (PortalAuthorizationManagerFactory) getPortletContext().getAttribute("AMF");


                  more direct... no ?



                    • Actions
                  • 6. Re: authorisation facilities access from within portlet
                    theute
                    theute Apr 17, 2007 5:12 AM (in response to radzish)

                    To create a new wiki page, just reference it from another page, then you will get a ? to click on.

                    Or:
                    Go to something like:
                    http://wiki.jboss.org/wiki/Wiki.jsp?page=MyWikiPage

                    replace MyWikiPage by anything. Then reference it from other pages.

                      • Actions