This article describes how to add security and role-based access to your portlet.
You can use the Security Framework tag library (visa) to control permissions on your portlet. The permissions can control:
Access to the portlet
Access to specific portlet actions
What is displayed on the portlet
Every portlet is part of a security domain, as defined in WEB-INF/viewpoint-portlet.xml. You can set domain or instance-level permissions for your portlet. These are explained in further detail below.
Control Access to the Portlet
You can control access to the entire portlet by surrounding your portlet content with the <vs:isGranted> tag. If you do not specify a permission, the tag defaults to the ENABLE domain permission:
At times, you might want to restrict a certain set of portlet functions. This can be achieved by setting 'Domain' or 'Object' level permissions.
Domain-level permissions act on the whole domain. For example, in the Calendar portlet, the CREATE_EVENT permission allows the user to create events for the Calendar:
<domain name="Calendar">
  ...
  <permission scope="domain" name="CREATE_EVENT" description="If granted, the user can create a new event" />
  ...
</domain>
Instance-level permissions (also known as resource/object level) allow you to set permissions on certain objects. For example, in the System Health portlet, the VIEW_DETAIL permission controls whether the user can drill down into system details:
<domain name="SystemHealth">
  <!-- Resource level permissions -->
  ...
  <permission scope="resource" name="VIEW_DETAIL" description="If granted, the user can view the detail info (drill down) for a particular system" />
  ...
</domain>
NOTE: These permissions determine the set of permissions that an Administrator can enable or disable per role, from within the Administration portlets (Roles Manager, the Permissions tab).
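An added example, not part of the original article or the Viewpoint code base: a Python check that inventories the permissions a descriptor exposes to administrators, grouped by domain and scope, and flags entries worth reviewing before release. The sample XML is constructed, its `<portlet>` wrapper element is hypothetical, and treating `domain` and `resource` as the only valid scopes is an assumption based on the two values shown above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample. The <portlet> wrapper element is hypothetical; only
# <domain> and <permission> with these attributes appear in the article.
SAMPLE = """
<portlet>
  <domain name="Calendar">
    <permission scope="domain" name="CREATE_EVENT"
                description="If granted, the user can create a new event" />
    <permission scope="domain" name="CREATE_EVENT" description="" />
  </domain>
  <domain name="SystemHealth">
    <permission scope="resource" name="VIEW_DETAIL"
                description="If granted, the user can view the detail info" />
    <permission scope="object" name="RESTART" description="Restart a system" />
  </domain>
</portlet>
"""

# Assumption: "domain" and "resource" are the only scopes, as in the article.
KNOWN_SCOPES = {"domain", "resource"}

def audit_descriptor(xml_text):
    """Return (inventory, findings) for a viewpoint-portlet.xml document."""
    inventory = defaultdict(lambda: defaultdict(list))  # domain -> scope -> names
    findings = []
    for domain in ET.fromstring(xml_text).iter("domain"):
        dname = domain.get("name", "<unnamed>")
        seen = set()
        for perm in domain.iter("permission"):
            name, scope = perm.get("name", ""), perm.get("scope", "")
            where = f"{dname}/{name or '<unnamed>'}"
            if scope not in KNOWN_SCOPES:
                findings.append(f"{where}: unexpected scope '{scope}'")
            if name in seen:
                findings.append(f"{where}: declared more than once")
            seen.add(name)
            if not (perm.get("description") or "").strip():
                findings.append(f"{where}: no description for administrators")
            inventory[dname][scope].append(name)
    return inventory, findings

if __name__ == "__main__":
    inv, issues = audit_descriptor(SAMPLE)
    for dname, scopes in inv.items():
        for scope, names in scopes.items():
            print(f"{dname:13} {scope:9} {', '.join(names)}")
    print("\n".join(issues))
```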
Role-Based Access to Content in a Portlet
As the name implies, this allows you to display sections of your portlet to users within a role: