3 Replies Latest reply on Dec 21, 2010 7:52 AM by bty

    Denying access control by code

    bty

      Making portlets unavailable (hidden) for some user groups seems straightforward using the portlet management pages. Is there however a standardised way to do this programmatically? I use Spring MVC 3.0.5 on GateIn 3.1.

       

      I thought about using a RenderFilter that stops the filter chain for certain users. When invoking doFilter(…)  for unauthorised users I want to hide the entire portlet with its title bar, not just the portlet content. My questions are: Is there a common way to hide a portlet by code? Am I on the right track at all when considering a RenderFilter for this task?  

      I guess I could get around this problem by adding a flag to the RenderRequest saying whether the portlet should be hidden by JavaScript, but I do hope there is a better way to solve it.

        • 1. Re: Denying access control by code
          hoang_to

          To set the access permission on a portlet window, the declarative way is to configure the element <access-permission> in pages.xml, as you mentioned. The programmatic way is to invoke the method setAccessPermission(String[]) on an instance of UIPortlet (each portlet window is represented by a UIPortlet object).

           

          @BJarte: Could you explain why you need to set the access permission programmatically?

          • 2. Re: Denying access control by code
            bty

            Thank you for your response, Minh. My question was inaccurate.

             

            "My" business grants almost the same shopping permissions for anonymous users as for customers with a profile. Hence we secretly give the anonymous users a fixed username (say 'ANON'). This username has almost the same group belongings as our known customers with the most limited permissions. Therefore, I have to do a more fine-grained access control in my portlet application programmatically. The business' user administration is beyond my reach.

            My idea is adding 'ANON' (we have some more predefined anonymous usernames) to a group like, e.g., 'Guest'. This can be done declaratively. In my render filter I treat the users belonging to 'Guest'. I noticed your answer in another thread where you suggested UserACL. This class provides isUserInGroup(group), which seems useful. Do you agree? Do you know how to retrieve an instance of UserACL? Can it be done by the render request?

             

            Then, my second problem is figuring out how to hide a portlet like GateIn's access control does.

            • 3. Re: Denying access control by code
              bty

              The first problem was solved by:

               

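              import org.exoplatform.container.ExoContainerContext;
              import org.exoplatform.portal.config.UserACL;

              // Look up the portal's UserACL service from the current eXo container
              UserACL acl = (UserACL) ExoContainerContext.getCurrentContainer().getComponentInstanceOfType(UserACL.class);

              // Check membership of the configured guests group
              if (acl.isUserInGroup(acl.getGuestsGroup())) {…}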

               

              Quite simple when you know.

               

              Then I have one problem left: The guest has no access permission to some of the portlets. How do I hide them at runtime? Any answer will be appreciated!
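
The render-filter idea from the thread combined with the UserACL check from reply 3, as an added example that is not part of the original posts or of GateIn itself. The class name GuestDenyFilter is hypothetical; the filter also covers the action phase, because suppressing only the rendered markup does not stop a guest from submitting an action to the portlet.

```java
import java.io.IOException;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.PortletException;
import javax.portlet.PortletSecurityException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.filter.ActionFilter;
import javax.portlet.filter.FilterChain;
import javax.portlet.filter.FilterConfig;
import javax.portlet.filter.RenderFilter;
import org.exoplatform.container.ExoContainerContext;
import org.exoplatform.portal.config.UserACL;

/** Hypothetical filter: denies guests-group users in the render and action phases. */
public class GuestDenyFilter implements RenderFilter, ActionFilter {

    public void init(FilterConfig config) throws PortletException { }

    public void destroy() { }

    /** Fail closed: a missing UserACL service or a lookup error counts as "guest". */
    private boolean isGuest() {
        try {
            UserACL acl = (UserACL) ExoContainerContext.getCurrentContainer()
                    .getComponentInstanceOfType(UserACL.class);
            return acl == null || acl.isUserInGroup(acl.getGuestsGroup());
        } catch (RuntimeException e) {
            return true;
        }
    }

    public void doFilter(RenderRequest req, RenderResponse res, FilterChain chain)
            throws IOException, PortletException {
        if (isGuest()) {
            return; // chain not invoked: the portlet writes no content
        }
        chain.doFilter(req, res);
    }

    public void doFilter(ActionRequest req, ActionResponse res, FilterChain chain)
            throws IOException, PortletException {
        if (isGuest()) {
            throw new PortletSecurityException("Action not permitted for guest users");
        }
        chain.doFilter(req, res);
    }
}
```

The filter has to be declared in portlet.xml and mapped to the portlet for both RENDER_PHASE and ACTION_PHASE. It only empties the portlet content; the title bar is a separate matter, which is the question left open in the thread.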