To set access-permission on a portlet window, the declarative way is to configure the element <access-permission> in pages.xml as you mentionned. The programmatical way is to invoke the method setAccessPermission(String ) on instance of UIPortlet (each portlet window is represented by a UIPortlet object)
@BJarte: Could you explain why the need of setting access-permission programmatically.
Thank you for your response Minh. My question was inaccurate.
"My" business grants almost the same shopping permissions for anonymous users as for customers with a profile. Hence we secretly give the anonymous users a fixed username (say 'ANON'). This username has almost the same group belongings as our known customers with most limited permissions. Therefore, I have to do a more fine-grained access control in my portlet application programmatically. The business' user administration is beyond my reach.
My idea is adding 'ANON' (we have some more predefined anonymous usernames) to a group like i.e. 'Guest'. This can be done declaratively. In my render filter I treat the users belonging to 'Guest'. I noticed your answer in another thread where you suggested UserACL. This class provides isUserInGroup(group) which seems useful. Do you agree? Do you know how to retrieve an instance of UserACL? Can it be done by the render request?
Then, my second problem is figuring out how to hide a portlet like the GateIn's access control does.
The first problem was solved by:
UserACL acl = (UserACL)ExoContainerContext.getCurrentContainer().getComponentInstanceOfType(UserACL.class);
Quite simple when you know
Then I have one problem left: The guest has no access permission to some of the portlets. How do I hide them at runtime? Any answer will be appreciated!