portals-jetspeed-dev mailing list archives

From j...@apache.org
Subject [jira] Closed: (JS2-22) Security Feature Missing: Implement declarative security
Date Sat, 22 May 2004 17:59:01 GMT
Message:

   The following issue has been closed.

   Resolver: David Le Strat
       Date: Sat, 22 May 2004 10:57 AM

Implementation provided by Ate Douma.
---------------------------------------------------------------------
View the issue:
  http://issues.apache.org/jira/browse/JS2-22

Here is an overview of the issue:
---------------------------------------------------------------------
        Key: JS2-22
    Summary: Security Feature Missing: Implement declarative security
       Type: New Feature

     Status: Closed
   Priority: Major
 Resolution: FIXED

    Project: Jetspeed 2
 Components: 
             Security
   Fix Fors:
             2.0-a1
   Versions:
             2.0-a1

   Assignee: David Le Strat
   Reporter: David Le Strat

    Created: Mon, 26 Apr 2004 9:16 AM
    Updated: Sat, 22 May 2004 10:57 AM

Description:
As far as I have understood the portlet specification (PLT.20), security must be supported
like it is specified in Servlet 2.3 specification SRV12.

In particular, programmatic security through Request.isUserInRole(RoleName) must be supported (PLT.20.3).

Role restrictions for one or more portlets can be defined in portlet.xml as a role reference
to a security role defined in web.xml.
Therefore, to be able to perform isUserInRole(RoleName) for an authenticated user, the portlet
container has to look up the real role name as defined in web.xml, as referenced by the RoleName
defined in portlet.xml. The already implemented RoleManager.isUserInRole(username,rolename)
can then be used to resolve the question.
This part is currently fully absent. Once this is available, the
full role-based security would be almost trivial to implement, I think.

Looking at the deployer implementation, parsed portlet.xml security
definitions are not used yet and the web.xml isn't really parsed at all.



---------------------------------------------------------------------
JIRA INFORMATION:
This message is automatically generated by JIRA.

If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa

If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira
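
The role-reference lookup described in the issue, sketched as an added example (not Jetspeed's code and not the implementation that closed JS2-22): a name passed to isUserInRole is mapped through the portlet's security-role-ref to a security-role declared in web.xml before the role manager is asked. The class name RoleRefResolver, the BiPredicate standing in for RoleManager.isUserInRole(username, rolename), the descriptor snippets and the user are all constructed for illustration. Denying names that have no reference, and checking a reference without a role-link under its own role-name, are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.util.*;
import java.util.function.BiPredicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class RoleRefResolver {
    private final Map<String, String> refs = new HashMap<>(); // "portlet/role-name" -> real role
    private final Set<String> declared = new HashSet<>();     // <security-role> names in web.xml
    private final BiPredicate<String, String> roleManager;    // stand-in for RoleManager.isUserInRole
    RoleRefResolver(String portletXml, String webXml, BiPredicate<String, String> rm) throws Exception {
        roleManager = rm;
        NodeList rr = parse(portletXml).getElementsByTagName("security-role-ref");
        for (int j = 0; j < rr.getLength(); j++) {
            Element r = (Element) rr.item(j);
            String name = text(r, "role-name"), link = text(r, "role-link");
            String portlet = text((Element) r.getParentNode(), "portlet-name");
            // Assumed fallback: a reference without role-link is checked under its own role-name.
            refs.put(portlet + "/" + name, link != null ? link : name);
        }
        NodeList sr = parse(webXml).getElementsByTagName("security-role");
        for (int i = 0; i < sr.getLength(); i++) declared.add(text((Element) sr.item(i), "role-name"));
    }
    boolean isUserInRole(String portlet, String user, String roleName) {
        String real = refs.get(portlet + "/" + roleName);
        // Deny unless the reference resolves to a role that web.xml actually declares.
        return user != null && real != null && declared.contains(real) && roleManager.test(user, real);
    }
    private static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // refuse DTDs
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
    }
    private static String text(Element e, String tag) {
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }
    public static void main(String[] args) throws Exception { // constructed descriptors and user
        String portletXml = "<portlet-app><portlet><portlet-name>News</portlet-name>"
            + "<security-role-ref><role-name>editor</role-name><role-link>content-admin</role-link>"
            + "</security-role-ref><security-role-ref><role-name>ghost</role-name>"
            + "<role-link>undeclared</role-link></security-role-ref></portlet></portlet-app>";
        String webXml = "<web-app><security-role><role-name>content-admin</role-name></security-role></web-app>";
        RoleRefResolver r = new RoleRefResolver(portletXml, webXml,
            (u, role) -> u.equals("alice") && role.equals("content-admin"));
        System.out.println(r.isUserInRole("News", "alice", "editor"));        // reference with role-link
        System.out.println(r.isUserInRole("News", "alice", "content-admin")); // real name, no reference
        System.out.println(r.isUserInRole("News", "alice", "ghost"));         // link to undeclared role
    }
}
```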

