In this chapter, we’ve discussed the reasons for plugin security management, how the Plugin Security Manager checks each plugin against its portal access control list (PACL), and how to specify PACL properties for the plugins you create and deploy. We also explained Liferay’s support of the Java Security Policy, in case you need to specify rules above and beyond what PACL properties support.
Now you have a better understanding of how plugin security works, and can use Liferay Portal’s Plugin Security Manager effectively to specify exactly what services your plugin needs in order to function. Anyone running Liferay Portal with Security Manager turned on will know you’re a “law abiding” citizen, because you’ve specified what services your applications need to access in order to function.
Next, we’ll show you what it takes to develop apps for publishing to Liferay Marketplace.