Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
unspecified
-
None
-
Operating System: Other
Platform: Other
-
28708
Description
Method isUserInRole(String) of class
org.apache.pluto.core.impl.PortletRequestImpl must use the security role
reference mapping defined in portlet.xml (spec. jsr168 PLT.20.3).
I propose this new method for the implementation:
BEGIN ======================================================
public boolean isUserInRole(String roleName)
{
boolean userInRole = false;
SecurityRoleRef securityRoleRef = portletWindow.getPortletEntity
().getPortletDefinition().getInitSecurityRoleRefSet().get(roleName);
/*
- PLT.20.3:
- "... A security-role-ref element MUST be declared by the
portlet - in deployment descriptor with a role-name sub-element
containing - the role-name to be passed to the method."
*/
if ( securityRoleRef != null )Unknown macro: { String roleLink = securityRoleRef.getRoleLink(); if (roleLink == null) { /* "If the security-role-ref element does not define a role-link element, * the container must default to checking the role- name element argument * against the list of security-role elements defined in the web.xml * deployment descriptor of the portlet application." */ roleLink = roleName; } userInRole = this._getHttpServletRequest().isUserInRole(roleLink); }return userInRole;
}
END ======================================================
Regards,
Fred. Arnoud