Implement declarative portlet security constraints ("Security at the portlet level") feature.
In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
The portal will hold a direct relationship between a portlet and a security-constraint-definition.
Security Constraints are not Java Security Permissions, but a Jetspeed specific way of securing portlets, also known as PSML constraints.
See the <i>page.security</i> file for examples of defining security constraint definitions.
If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
If the portlet application does not define a constraint, then no security constraints will be applied to this portlet.
Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.
The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references
<portlet-app id="demo" version="1.0"