[ICE-1674] Make enabledOnUserRole sensitive to PortletRequest.isUserInRole() - ICEsoft JIRA Issue Tracker

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6DR#5
Fix Version/s: 2.0-Beta2, 2.0.0
Component/s: Framework
Labels:
None
Environment:
Win XP / JDK 1.4 / Tomcat 5.5.17 / Liferay 4.3.0-RC1

Description

See: http://docs.jboss.org/jbportal/spec/docs/javax/portlet/PortletRequest.html#isUserInRole(java.lang.String)

Issue Links

depends on

ICE-3420 Support for JSR 329 - the JSF Portlet 2.0 Bridge specification.

Closed

is duplicated by

ICE-2650 Make enabledOnUserRole sensitive to PortletRequest.isUserInRole() during Ajax Push

Closed

Activity

Ascending order - Click to sort in descending order

Neil Griffin created issue - 04/Jun/07 3:25 PM

Ken Fyten made changes - 17/Aug/07 5:18 PM

Field	Original Value	New Value
Fix Version/s		1.7 [ 10080 ]
Assignee		Jack van Ooststroom [ jack.van.ooststroom ]

Ken Fyten made changes - 17/Aug/07 6:02 PM

Fix Version/s		1.7DR#1 [ 10100 ]
Fix Version/s	1.7 [ 10080 ]

Hide

Permalink

Ken Fyten added a comment - 18/Sep/07 5:03 PM

renderedOnUserRole is only reliable when using the ACEGI security. We need to test ACEGI with portlets to see if supporting this API is feasible with ACEGI configured.

Show

Ken Fyten added a comment - 18/Sep/07 5:03 PM renderedOnUserRole is only reliable when using the ACEGI security. We need to test ACEGI with portlets to see if supporting this API is feasible with ACEGI configured.

Ken Fyten made changes - 18/Sep/07 5:03 PM

Fix Version/s		1.7 [ 10080 ]
Fix Version/s	1.7DR#1 [ 10100 ]

Ken Fyten made changes - 07/Jan/08 4:19 PM

Assignee

Jack van Ooststroom [ jack.van.ooststroom ]

Ted Goddard [ ted.goddard ]

Hide

Permalink

Ted Goddard added a comment - 21/Jan/08 11:10 AM

Code changes for

http://jira.icefaces.org/browse/ICE-2625

have resolved this for synchronous mode portlets. To resolve for asynchronous mode will either require configuration of acegi for portlets (not sure if this is possible) or, under the conditions that it is possible, to use an alternate portlet request to detect the user role (such as a blocked request).

A separate JIRA will be created for portlet asynchronous security.

Show

Ted Goddard added a comment - 21/Jan/08 11:10 AM Code changes for http://jira.icefaces.org/browse/ICE-2625 have resolved this for synchronous mode portlets. To resolve for asynchronous mode will either require configuration of acegi for portlets (not sure if this is possible) or, under the conditions that it is possible, to use an alternate portlet request to detect the user role (such as a blocked request). A separate JIRA will be created for portlet asynchronous security.

Ted Goddard made changes - 21/Jan/08 11:10 AM

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Hide

Permalink

Ted Goddard added a comment - 21/Jan/08 11:16 AM

Separate JIRA created:

http://jira.icefaces.org/browse/ICE-2650

Show

Ted Goddard added a comment - 21/Jan/08 11:16 AM Separate JIRA created: http://jira.icefaces.org/browse/ICE-2650

Hide

Permalink

Ted Goddard added a comment - 30/Jan/08 5:01 PM

Unfortunately, we didn't interact with the portlet correctly during initial testing. User roles are lost during portlet interaction (we believed at the time it was due to Ajax Push) because those interactions take place via ServletRequest objects, not PortletRequest objects.

To support user roles with Portlets we will likely need either: acegi for Portlets, or to cache user role determinations (note that the caching cannot work in all cases because the user roles could change during portlet execution, which is potentially a security hole, and user roles requested during the initial page view may be different from those requested during subsequent views; there are reasonable ways to structure pages to work around this, however).

Show

Ted Goddard added a comment - 30/Jan/08 5:01 PM Unfortunately, we didn't interact with the portlet correctly during initial testing. User roles are lost during portlet interaction (we believed at the time it was due to Ajax Push) because those interactions take place via ServletRequest objects, not PortletRequest objects. To support user roles with Portlets we will likely need either: acegi for Portlets, or to cache user role determinations (note that the caching cannot work in all cases because the user roles could change during portlet execution, which is potentially a security hole, and user roles requested during the initial page view may be different from those requested during subsequent views; there are reasonable ways to structure pages to work around this, however).

Ted Goddard made changes - 30/Jan/08 5:01 PM

Resolution	Fixed [ 1 ]
Status	Resolved [ 5 ]	Reopened [ 4 ]

Ken Fyten made changes - 03/Mar/08 10:50 AM

Fix Version/s		1.7.1 [ 10122 ]
Fix Version/s	1.7 [ 10080 ]
Assignee	Ted Goddard [ ted.goddard ]

Ken Fyten made changes - 18/Apr/08 5:39 PM

Fix Version/s

1.7.1 [ 10122 ]

Deryk Sinotte made changes - 24/Jun/08 4:50 PM

Assignee

Deryk Sinotte [ deryk.sinotte ]

Hide

Permalink

Deryk Sinotte added a comment - 26/Jun/09 3:58 PM

General and proper portlet support for ICEfaces 2.0 falls under the parent issue of the JSF Portlet Bridge.

Show

Deryk Sinotte added a comment - 26/Jun/09 3:58 PM General and proper portlet support for ICEfaces 2.0 falls under the parent issue of the JSF Portlet Bridge.

Deryk Sinotte made changes - 26/Jun/09 3:58 PM

Link

This issue depends on ~~ICE-3420~~ [ ~~ICE-3420~~ ]

Deryk Sinotte made changes - 26/Jun/09 3:59 PM

Salesforce Case		[]
Fix Version/s		2.0 [ 10032 ]

Deryk Sinotte made changes - 28/Jan/10 3:50 PM

Assignee

Deryk Sinotte [ deryk.sinotte ]

Hide

Permalink

Ken Fyten added a comment - 26/Apr/10 12:41 PM

This is only relevant to the IF 1.8 compat components in IF 2.0.

Show

Ken Fyten added a comment - 26/Apr/10 12:41 PM This is only relevant to the IF 1.8 compat components in IF 2.0.

Ken Fyten made changes - 26/Apr/10 12:41 PM

Salesforce Case		[]
Fix Version/s		2.0-Beta [ 10231 ]
Fix Version/s	2.0-Alpha3 [ 10032 ]

Ken Fyten made changes - 26/Apr/10 12:48 PM

Link

This issue is duplicated by ~~ICE-2650~~ [ ~~ICE-2650~~ ]

Ken Fyten made changes - 16/Jul/10 11:17 AM

Fix Version/s		2.0-Beta2 [ 10242 ]
Fix Version/s	2.0-Beta1 [ 10231 ]

Deryk Sinotte made changes - 13/Oct/10 1:44 PM

Salesforce Case		[]
Assignee		Neil Griffin [ ngriffin7a ]

Deryk Sinotte made changes - 13/Oct/10 1:46 PM

Salesforce Case		[]
Component/s		Framework [ 10013 ]
Component/s	Components [ 10012 ]

Hide

Permalink

Deryk Sinotte added a comment - 13/Oct/10 3:33 PM

The new portlet bridge does support this usage and all the ICEfaces 1.8 components that rely on ExternalContext() isUserInRole method to determine the validity of the user's role are supported. This includes custom attributes like renderedOnUserRole. Going forward, the next generation of ICEfaces components will not expose similar custom attributes but the same functionality can be achieved by using simple EL expressions bound to standard attributes like rendered or disabled.

Show

Deryk Sinotte added a comment - 13/Oct/10 3:33 PM The new portlet bridge does support this usage and all the ICEfaces 1.8 components that rely on ExternalContext() isUserInRole method to determine the validity of the user's role are supported. This includes custom attributes like renderedOnUserRole. Going forward, the next generation of ICEfaces components will not expose similar custom attributes but the same functionality can be achieved by using simple EL expressions bound to standard attributes like rendered or disabled.

Deryk Sinotte made changes - 13/Oct/10 3:33 PM

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Ken Fyten made changes - 21/Dec/10 2:52 PM

Fix Version/s

2.0.0 [ 10230 ]

Ken Fyten made changes - 03/Jan/11 4:18 PM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Neil Griffin

Reporter:

Neil Griffin

Votes:

1 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

04/Jun/07 3:25 PM

Updated:

03/Jan/11 4:18 PM

Resolved:

13/Oct/10 3:33 PM