Skip to main content

JSR 286 PORTLET Security

Using Portal Roles in a Portlet-:

 Roles in Liferay Portal are the primary means for granting or restricting access to content. When a role is assigned to a user, the user is granted the permissions that have been defined for the role.

JSR 286 PORTLET Security

The JSR 286 portlet specification defines a means to specify roles used by portlets in their docroot/WEB-INF/portlet.xml descriptors.
The role names themselves, however, are not standardized. When these portlets run in Liferay, you’ll recognize familiar role names.

Noticed that the portlet which we have been using in our examples Offer Portlet references the roles

<security-role-ref>
<role-name>administrator</role-name>
</security-role-ref>
<security-role-ref>
<role-name>guest</role-name>
</security-role-ref>
<security-role-ref>
<role-name>power-user</role-name>
</security-role-ref>
<security-role-ref>
<role-name>user</role-name>
</security-role-ref>

Note-:

1. Your portlet.xml roles need to be mapped to specific roles in the portal.
2. These mappings allow the portal to resolve conflicts between roles with the same name that are from different portlets (e.g. portlets from different developers).
3. Each role named in a portlet’s <security-role-ref> element is given permission to add the portlet to a page.

Mapping Portlet roles to Portal roles-:

To map the roles to Liferay Portal, you’ll have to use the docroot/WEB-INF/liferay-portlet.xml Liferay-specific configuration file. For an example,
see the mapping defined in the Offer project’s liferay-portlet.xml file. Many Liferay projects use identical role mappings.

<role-mapper>
    <role-name>administrator</role-name>
    <role-link>Administrator</role-link>
</role-mapper>
<role-mapper>
    <role-name>guest</role-name>
    <role-link>Guest</role-link>
</role-mapper>
<role-mapper>
    <role-name>power-user</role-name>
    <role-link>Power User</role-link>
</role-mapper>
<role-mapper>
    <role-name>user</role-name>
    <role-link>User</role-link>
</role-mapper>

If a portlet definition references the role ADMINSTRATION, that portlet is mapped to the Liferay role called ADMINSTRATION that’s already in Liferay’s database.

Once roles are mapped to the portal, you can use methods as defined in the portlet specification:

    getRemoteUser()
    isUserInRole()
    getUserPrincipal()

For example, you can use the following code to check if the current user has the power-user role:

if (renderRequest.isUserInRole("administrator")) {
    // ...
}

Comments

Post a Comment

Popular posts from this blog

Liferay 7.1 Topics Coming Soon stay connected

1. Liferay 7.1 Service Builder 2. Rest Service and Liferay 3. Consuming SOAP service with Liferay 7.1 4. Creating Theme With Liferay 7.1 Using Liferay IDE Using NPM 5. Create Angular NPM Module 6. Web Content Management 7. OSGI Basic 8. Liferay 7.1 with more than 1 DB 9. A sample project 10. Liferay Dev Ops
Post a Comment
Read more

How the portal page is loaded with respective portlets

How the portal page is loaded with respective portlets When a user requests a page with a URL, 1.    The browser sends the request to the Application Server (AS). 2.    Liferay gets the page name from the URL. 3.    It goes to the layout database table and finds the related        theme and page layout. 4.    Based on the page layout, Liferay finds the portlets added        into each area of the page layout. 5.    Liferay runs the portlet and adds the output in the        portlet.vm template. 6.    Liferay interprets the portlet.vm template and adds the output        in the page layout. 7.    Then Liferay interprets the page layout and adds the output in        the portal_normal.vm template. 8.    After that Liferay interprets the portal...
Post a Comment
Read more

Liferay Custom Field and Custom Attribute (Using Liferay UI and Programatically)

Custom fields are a way to add attributes to many types of assets in the portal. Its basically help us to add additional fields to existed models or entities. Adding some more additional attributes to existed entities or models helps us so to meet our requirements. Liferay provide two way's to allow the creation of Custom Fields. 1. Using Liferay UI 2. Programatically Lets look these both topic one by one-: Suppose you have a scenario where its needed to add few fields in your User_ Table So its simple to add using Liferay UI just you need to follow these steps-: 1. Using Liferay UI-:   Goto-> Control-Panel -> Click on Custom Field A List will be displayed-: Now you can add your custom fields for any entity in the list. Click on User Entity and a page will be displayed like this-: Now add these value in respective fields-: KEY- myContactId Type- Select Integer After adding the custom field we can view, update from the Lifera...
Post a Comment
Read more