oracle.portal.provider.v1
Interface PortletSecurityManager
- All Known Implementing Classes:
- DenyAllSecurityManager, DefaultSecurityManager
- public interface PortletSecurityManager
A PortletSecurityManager is the access controller for a portlet. If the Portlet
restricts its capabilities in any manner it implements a PortletSecurityManager.
The manager is responsible for authorizing (but not authenticating) the user.
There are two authorization levels. The first level checks whether the user
is authorized to use this Portlet. The second level checks whether the user
is authorized to use a particular instance of this Portlet.
hasAccess
public boolean hasAccess(Portlet p,
ProviderUser user)
- Verifies whether the user is authorized to use this Portlet. That is
does this user have the necessary privileges to create, get, copy, and
destroy instances of this Portlet.
- Parameters:
p - the portlet which we want to authorize access to.user - the current user we are being asked to authorize.- Returns:
- true is this user is authorized to access this portlet.
hasAccess
public boolean hasAccess(PortletReference ref,
ProviderUser user)
throws PortletNotFoundException
- Verifies whether the user is authorized to use this particular portlet
instance. Generally, this check will only be made of the default instance
as it is assumed you cannot be denied access to the default while having
access to the customized instance, and in turn must always have access
to your customized version if you have access to the default. However,
if asked to authorize a particular instance the PortletNotFoundException
should be thrown if that instance doesn't exist (even if the default does).
- Parameters:
ref - portlet reference that identifies the instantuser - the current user we are being asked to authorize.- Returns:
- true is this user is authorized to access this portlet instance.