On 9/26/05, Randy Watler <[EMAIL PROTECTED]> wrote: > Christophe Lombart wrote: > > >Maybe it is a regression. Are you using the subproject > >'jetspeed2-deploy' to deploy into J2 ? See in this subproject, there > >are some xml file uses to deploy the application. > > > Yes, I am using this project to deploy, albeit modified for M4. > > > > >Let me know if you need help. I don't know if I can access to your > >modifications somewhere. > > > Here is the deal: > > The Graffito Browser is adding these objects to the RdbmsPolicy store: > > org.apache.portals.graffito.model.pemission.impl.CmsPermissionImpl > > While these appear to be correctly specified and stored by the browser, > the Graffito > security implementation is creating permission instances of this class > type and > sending these to the AccessController.checkPermission(): > > org.apache.portals.graffito.security.impl.CmsPermissionImpl > > See > components/src/java/org/apache/portals/graffito/security/impl/GraffitoAction.java. > > Unless I am missing something, the new permissions will not be seen by > java security because the class types do not match. Of course, the initial > setup/deploy has permissions granted to /role/admin using the > org.apache.portals.graffito.security.impl.CmsPermissionImpl class and > these work as expected. > > Did I miss some configuration that tells the Graffito Browser to use the > security vs. model implementations?
no > Am I missing some nuance of java > security that would allow the model implementations to be read? > No (following my limited knowledge of JAAS) Tomorow, I will review the code. What's the behavior with J2 M3 ?
