[ICE-1674] Make enabledOnUserRole sensitive to PortletRequest.isUserInRole() - ICEsoft JIRA Issue Tracker

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6DR#5
Fix Version/s: 2.0-Beta2, 2.0.0
Component/s: Framework
Labels:
None
Environment:
Win XP / JDK 1.4 / Tomcat 5.5.17 / Liferay 4.3.0-RC1

Description

See: http://docs.jboss.org/jbportal/spec/docs/javax/portlet/PortletRequest.html#isUserInRole(java.lang.String)

Issue Links

depends on

ICE-3420 Support for JSR 329 - the JSF Portlet 2.0 Bridge specification.

Closed

is duplicated by

ICE-2650 Make enabledOnUserRole sensitive to PortletRequest.isUserInRole() during Ajax Push

Closed

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Ken Fyten added a comment - 18/Sep/07 5:03 PM

renderedOnUserRole is only reliable when using the ACEGI security. We need to test ACEGI with portlets to see if supporting this API is feasible with ACEGI configured.

Show

Ken Fyten added a comment - 18/Sep/07 5:03 PM renderedOnUserRole is only reliable when using the ACEGI security. We need to test ACEGI with portlets to see if supporting this API is feasible with ACEGI configured.

Hide

Permalink

Ted Goddard added a comment - 21/Jan/08 11:10 AM

Code changes for

http://jira.icefaces.org/browse/ICE-2625

have resolved this for synchronous mode portlets. To resolve for asynchronous mode will either require configuration of acegi for portlets (not sure if this is possible) or, under the conditions that it is possible, to use an alternate portlet request to detect the user role (such as a blocked request).

A separate JIRA will be created for portlet asynchronous security.

Show

Ted Goddard added a comment - 21/Jan/08 11:10 AM Code changes for http://jira.icefaces.org/browse/ICE-2625 have resolved this for synchronous mode portlets. To resolve for asynchronous mode will either require configuration of acegi for portlets (not sure if this is possible) or, under the conditions that it is possible, to use an alternate portlet request to detect the user role (such as a blocked request). A separate JIRA will be created for portlet asynchronous security.

Hide

Permalink

Ted Goddard added a comment - 21/Jan/08 11:16 AM

Separate JIRA created:

http://jira.icefaces.org/browse/ICE-2650

Show

Ted Goddard added a comment - 21/Jan/08 11:16 AM Separate JIRA created: http://jira.icefaces.org/browse/ICE-2650

Hide

Permalink

Ted Goddard added a comment - 30/Jan/08 5:01 PM

Unfortunately, we didn't interact with the portlet correctly during initial testing. User roles are lost during portlet interaction (we believed at the time it was due to Ajax Push) because those interactions take place via ServletRequest objects, not PortletRequest objects.

To support user roles with Portlets we will likely need either: acegi for Portlets, or to cache user role determinations (note that the caching cannot work in all cases because the user roles could change during portlet execution, which is potentially a security hole, and user roles requested during the initial page view may be different from those requested during subsequent views; there are reasonable ways to structure pages to work around this, however).

Show

Ted Goddard added a comment - 30/Jan/08 5:01 PM Unfortunately, we didn't interact with the portlet correctly during initial testing. User roles are lost during portlet interaction (we believed at the time it was due to Ajax Push) because those interactions take place via ServletRequest objects, not PortletRequest objects. To support user roles with Portlets we will likely need either: acegi for Portlets, or to cache user role determinations (note that the caching cannot work in all cases because the user roles could change during portlet execution, which is potentially a security hole, and user roles requested during the initial page view may be different from those requested during subsequent views; there are reasonable ways to structure pages to work around this, however).

Hide

Permalink

Deryk Sinotte added a comment - 26/Jun/09 3:58 PM

General and proper portlet support for ICEfaces 2.0 falls under the parent issue of the JSF Portlet Bridge.

Show

Deryk Sinotte added a comment - 26/Jun/09 3:58 PM General and proper portlet support for ICEfaces 2.0 falls under the parent issue of the JSF Portlet Bridge.

Hide

Permalink

Ken Fyten added a comment - 26/Apr/10 12:41 PM

This is only relevant to the IF 1.8 compat components in IF 2.0.

Show

Ken Fyten added a comment - 26/Apr/10 12:41 PM This is only relevant to the IF 1.8 compat components in IF 2.0.

Hide

Permalink

Deryk Sinotte added a comment - 13/Oct/10 3:33 PM

The new portlet bridge does support this usage and all the ICEfaces 1.8 components that rely on ExternalContext() isUserInRole method to determine the validity of the user's role are supported. This includes custom attributes like renderedOnUserRole. Going forward, the next generation of ICEfaces components will not expose similar custom attributes but the same functionality can be achieved by using simple EL expressions bound to standard attributes like rendered or disabled.

Show

Deryk Sinotte added a comment - 13/Oct/10 3:33 PM The new portlet bridge does support this usage and all the ICEfaces 1.8 components that rely on ExternalContext() isUserInRole method to determine the validity of the user's role are supported. This includes custom attributes like renderedOnUserRole. Going forward, the next generation of ICEfaces components will not expose similar custom attributes but the same functionality can be achieved by using simple EL expressions bound to standard attributes like rendered or disabled.

People

Assignee:

Neil Griffin

Reporter:

Neil Griffin

Votes:

1 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

04/Jun/07 3:25 PM

Updated:

03/Jan/11 4:18 PM

Resolved:

13/Oct/10 3:33 PM