7 Replies Latest reply on Mar 18, 2008 11:31 AM by Peter Johnson

    How to make a portlet secured

    Shakti Purohit Newbie

      Hi all,

      I have deployed HelloWorldPortlet (avaialble at portletSwap.com) on JBoss Portal 2.6. Now I need to make this portlet secured so that only users from the roles defined in portlet-instance.xml can access this portlet. I have made proper entries for security-constraints in portlet-instances.xml but to no avail. Any user can access the portlet. The entry I made look like this:




      <instance-id>AJAXSearchViewerPortletInstance</instance-id>
      <portlet-ref>AJAXSearchViewerPortlet</portlet-ref>
      <security-constraint>
      <policy-permission>
      <role-name>Admin</role-name>
      <action-name>admin</action-name>
      </policy-permission>
      </security-constraint>





      Question:
      1. Just making an entry in portlet-instance.xml would do?
      2. Or I need to do this programmatically? if so please provide references.

      Thanks,
      Shakti