2 Replies Latest reply on Aug 7, 2008 2:23 PM by Maverick

    JBoss 2.6 CMS Security Issue

    David Hoffman Newbie

      I am using jboss-portal-2.6.1.GA using builtin database, auth module, and CMS capabilities.

      When I have a window assigned to a region on a page, pointed to CMS content "XYZ", and I have CMS content "XYZ" security set such that the user I am logging into the portal with does not have access to that piece of content, the following shows up inside the context of the window associated with that content:

      Access Denied
      You are not allowed to access the following resource - /default/Common/ServiceAdvisories/default.htm
      


      The desired behavior would be for the window to simply disappear and not be available to the user.

      In previous versions, we could define multiple instances of the CMS Content Portlet and by setting the permissions on the instance, the window associated with that instance would simply disappear if the user did not have access to it.

      Given that "CHANGE IS GOOD", and I don't want to go back to a previous version, how can I achieve the same effect as I was able to achieve previously while still leveraging the latest and greatest CMS functionality and not going off and developing my own JSR 168 porlet.

      Because of the way my UI is designed, even being able to make that message (above) be a blank space would solve my problem.

      Thank you in advance for any assistance you may be able to offer in this regard.