2 Replies Latest reply on Jul 17, 2007 8:01 AM by Andrew Brownfield

    Expanded Programmatic Security

    Andrew Brownfield Newbie

      I'm attempting to write a portlet that has some additional internal security features. The overall goal will be to allow selected access to MBeans on a remote server (for the time being the goal is to restart foreign JVMs on a WAS 5.1 AS).

      At any rate, I was hoping to make the security checks internal to the portlet based on a user's JBP roles. In doing so, I have set up portlet.xml with the following:

      . . .
      <security-role-ref>
       <role-name>MyPortletUser</role-name>
       <role-link>User</role-link>
      </security-role-ref>
      <security-role-ref>
       <role-name>MyPortletAdmin</role-name>
       <role-link>Admin</role-link>
      </security-role-ref>
      . . .


      With this setup, I can programmatically check if a user is part of a particular group with isUserInRole() for either of the two listed roles. My curiosity is if the roles that I use inside the portlet are strictly defined by the contents of this descriptor.

      Would it be possible to test against some other role-name, without editing the descriptor?