Portlet Business Rules

Table - Summary Portlet Rule Statements outlines the Portlet Business Rules, which are explained further below.

Table - Summary Portlet Rule Statements
Rule Statements	Location
Portlet Life-cycle: Each portlet must include a deployment descriptor as specified in JSR 286.	BR-P-1
Portlet Life-cycle: Each portlet must implement specific portlet life-cycle management functions as specified in JSR 286.	BR-P-2
Portlet Logging: Each portlet must log events via portlet container logging functions.	BR-P-3
Portlet User Interface: If functionality to customize / personalize the portlet user interface is provided, it must be consistent with JSR 286.	BR-P-4
Portlet Security: Each portlet must control access to content / functionality based on user and role information via the portal.	BR-P-5
Portlet Security: Each portlet must use portal services to authenticate users.	BR-P-6
Portlet Security: Each portlet must securely transport sensitive content.	BR-P-7
Inter-Portlet Communication: Inter-portlet communication must be performed only by either public render parameters or events as specified in JSR 286.	BR-P-8
Remote Portlet Security: Remote portlets must follow Web Service standards defined in this Web Services chapter to secure Simple Object Access Protocol messages, verify the sender’s identity, and exchange authentication and authorization data.	BR-P-9

TRA 2024 Revision 3.0 • General Distribution / Unclassified Information