portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (Resolved) (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] [Resolved] (JS2-1262) Enforced portlet level security constraints checking at render time through custom jetspeed-portlet.xml metadata
Date Tue, 04 Oct 2011 03:25:34 GMT

     [ https://issues.apache.org/jira/browse/JS2-1262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Ate Douma resolved JS2-1262.

    Resolution: Fixed
> Enforced portlet level security constraints checking at render time through custom jetspeed-portlet.xml
> -----------------------------------------------------------------------------------------------------------------
>                 Key: JS2-1262
>                 URL: https://issues.apache.org/jira/browse/JS2-1262
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.2.1
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2.2
> For some administrative portlets it is required to enforce security constraints on portlet
definition level, e.g. restrict (all) usage for certain admin portlets to users having admin
> By default, Jetspeed only enforces portlet level security constraints (see: http://portals.apache.org/jetspeed-2/deployguide/guide-registry.html,
section jetspeed-portlet.xml) while adding new portlet instances to a page/fragment.
> Once a portlet has been instantiated, only the page/fragment security constraints are
> This default behavior can be changed globally, but has rather a high impact as potentially
the expected behavior of existing portlet instances might thereby change.
> As an light-weight alternative, I will add support for an additonal, portlet level meta
data configuration through jetspeed-portlet.xml which allows turning this behavior on for
individual portlets only.
> By adding a <js:metadata name="render-time.security-constraints">true</js:metadata>
tag to a portlet configuration in jetspeed-portlet.xml, the security constraints for that
portlet will be enforced at render time.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message