Consuming uPortal Groups as Roles
In the portlet.xml you use something like
Declaring a role in portlet.xml aliasing back to a uPortal Group
<security-role-ref> <role-name>myPortletAdmin</role-name> <role-link>local.107</role-link> </security-role-ref>
The 'local' bit refers to the uPortal group source as defined in compositeGroupServices.xml [1].
The '107' bit in my example refers to the database ID in the case of locally managed groups.
To access PAGS groups you would use something like.
Role link to a PAGS group
<role-link>pags.2</role-link>
Finally in the code you do this
Querying for role / group membership in your JSR-168 Java code
boolean allowed = request.isUserInRole("myPortletAdmin");
Footnotes:
[1]: In theory there are alternatives to configuring your group stores and their keys in compositeGroupServices.xml; in practice compositeGroupServices.xml is the method everyone uses.)