Why is the page level security control policy not working with CMS content in JBoss Portal?
Issue
Following are the steps and problem I am facing:
1. Created a new CMS page /default/private.html, secured to be accessibly only by users in role X.
2. Added a CMSPortlet instance to a portal page.
3. In the 'Configure how the system handles errors on page level' section in the properties of that page, I have defined all available actions as 'Remove the resource from page'.
4. Now when I am accessing the page, I still get the error
======================
Access Denied
You are not allowed to access the resource - /default/private.html
======================
Why is the window not removed from the page?
Environment
- JBoss Enterprise Portal Platform (EPP) 4.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.