Implement declarative portlet security constraints ("Security at the portlet level") feature.
In Jetspeed 2.0, you can only define security permissions for a portlet. You cannot define security constraints for a portlet.
The portal will hold a direct relationship between a portlet and a security-constraint-definition.
Security Constraints are not Java Security Permissions, but a Jetspeed specific way of securing portlets, also known as PSML constraints.
See the <i>page.security</i> file for examples of defining security constraint definitions.
If a Jetspeed Security Constraint is not defined for a portlet, the constraint applied will then fallback to the constraint defined for the portlet application.
If the portlet application does not define a constraint, then no security constraints will be applied to this portlet.
Security constraints for a portlet are normally checking during the render process of a portlet and will be applied to all pipelines.
The constraints will be defined in the jetspeed-portlet.xml deployment descriptor, holding a named security constraint references
<portlet-app id="demo" version="1.0"
|Status||Resolved [ 5 ]||Closed [ 6 ]|
|Fix Version/s||2.1 [ 12310617 ]|
|Status||In Progress [ 3 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|
|Field||Original Value||New Value|
|Status||Open [ 1 ]||In Progress [ 3 ]|