So nobody knows how we can link GateIn security roles to portlet roles? I wouldn't like to open a new JIRA issue if I just stupidly missed a specific configuration file :/
I'm asking one last time before JIRA.
In simpler steps:
0/ declare a role in web.xml: <security-role> <description>Managers description</description> <role-name>manager</role-name> </security-role>
1/ declare a role in portlet.xml: <security-role-ref> <role-name>manager</role-name> <role-link>manager</role-link> </security-role-ref>
2/ In GateIn Portlet Administration UI: set [manager] role on your portlet for root group "/platform/administrators"
3/ In any portlet JSP page, logged as root: renderRequest.isUserInRole("manager") returns false whereas it should return true
It seems there is a little confusion. "member", "manager" and "validator" are membership types, whereas "/platform/administrators" and "/platform/users" are groups. A group, a membership type and a user together create a membership. So a membership means "user john is manager of group /platform/administrators".
Portlet roles and web J2EE roles are taken from groups, not from membership types. There is a special component called RolesExtractor, which is used for this mapping. In your case, users from "/platform/administrators" are mapped to role "administrators", not to role "manager".
More info about RolesExtractor and GateIn identity is here: http://community.jboss.org/wiki/GateInIdentityAndSecurityFAQ (especially Q3). Other useful information is in the GateIn reference guide.
Hope this helps,
Thank you very much for your answer.
I replaced in portlet.xml my previous code with:
<security-role-ref> <role-name>administrator</role-name> <role-link>administrators</role-link> </security-role-ref>
<security-role-ref> <role-name>standard</role-name> <role-link>users</role-link> </security-role-ref>
and indeed it works: the administrator and standard roles are now recognized in my portlet application! I also created a new /platform/powerusers group, and then portlet power users are recognized too. I believed portlet roles were mapped with memberships, not with groups.
Thanks a lot
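The mapping discussed in this thread, as a small added model (not GateIn code and not written by any poster): it derives roles from groups, resolves each `<security-role-ref>` link, and flags links that match no group-derived role, which is the misconfiguration in the first post. It assumes the role is the last path segment of the group, as in the thread's "/platform/administrators" to "administrators" case; the function names and sample memberships are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed memberships modelled on the thread: (user, membership type, group).
MEMBERSHIPS = [
    ("root", "manager", "/platform/administrators"),
    ("root", "member", "/platform/users"),
]

# portlet.xml fragments from the thread, wrapped in a <portlet> element.
BEFORE = """<portlet><security-role-ref>
  <role-name>manager</role-name><role-link>manager</role-link>
</security-role-ref></portlet>"""
AFTER = """<portlet>
<security-role-ref><role-name>administrator</role-name><role-link>administrators</role-link></security-role-ref>
<security-role-ref><role-name>standard</role-name><role-link>users</role-link></security-role-ref>
</portlet>"""


def group_role(group):
    """Assumed rule: the role is the last path segment of the group id."""
    return group.rstrip("/").rsplit("/", 1)[-1]


def extract_roles(user, memberships):
    """Roles derive from groups only; the membership type is ignored."""
    return {group_role(g) for u, _mtype, g in memberships if u == user}


def role_refs(portlet_xml):
    """Map role-name -> role-link for every <security-role-ref> (namespace-agnostic)."""
    refs = {}
    for el in ET.fromstring(portlet_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "security-role-ref":
            continue
        kids = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
        refs[kids["role-name"]] = kids.get("role-link") or kids["role-name"]
    return refs


def is_user_in_role(user, name, portlet_xml, memberships):
    """Model of isUserInRole(name): resolve the role-link, then test group roles."""
    link = role_refs(portlet_xml).get(name)  # no ref -> not granted (simplification)
    return link in extract_roles(user, memberships)


def dangling_links(portlet_xml, memberships):
    """role-names whose role-link matches no group-derived role at all."""
    known = {group_role(g) for _u, _m, g in memberships}
    return sorted(n for n, link in role_refs(portlet_xml).items() if link not in known)
```

Running `dangling_links` over a deployment's portlet.xml before release catches role links that name a membership type instead of a group, which otherwise fail closed at runtime with no error.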