I am trying to configure the security for the portal pages. In my *-object.xml file I have:
| <?xml version="1.0" encoding="UTF-8"?> | <deployments> | <deployment> | <if-exists>overwrite</if-exists> | <parent-ref>LogicaCMG</parent-ref> | <properties/> | <page> | <page-name>[01]Home</page-name> | <properties> | <property> | <name>order</name> | <value>01</value> | </property> | <property> | <name>icon</name> | <value>/images/navigation/Home.png</value> | </property> | </properties> | <window> | <window-name>Navigation</window-name> | <instance-ref>SmartNavigationInstance</instance-ref> | <region>navigation</region> | <height>0</height> | <properties> | <property><name>theme.windowRendererId</name><value>emptyRenderer</value></property> | <property><name>theme.decorationRendererId</name><value>emptyRenderer</value></property> | <property><name>theme.portletRendererId</name><value>emptyRenderer</value></property> | </properties> | </window> | <window> | <window-name>[01]Welcome</window-name> | <instance-ref>WelcomeInstance</instance-ref> | <region>center</region> | <height>0</height> | </window> | <security-constraint> | <policy-permission> | <role-name>User</role-name> | <action-name>personaliserecursive</action-name> | </policy-permission> | </security-constraint> | </page> | </deployment> | </deployments> | but the <securtity-constraint>...</security-constraint> does not seem to have an effect when I try to access the page. I captured the following trace: | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/portal/LogicaCMG | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false | 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located | 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint | 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull | 2006-09-01 13:57:34,434 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null | 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null | 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null | 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=252BF826603B10B0714B81967032E580 | 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] get logicacmg... | 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] found logicacmg | 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject | 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject | 2006-09-01 13:57:34,465 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null | 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null | null | <no principals> | [EMAIL PROTECTED] ( | (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*) | (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*) | (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL) | (javax.security.jacc.WebUserDataPermission /sec/*) | (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*) | (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*) | (javax.security.jacc.WebResourcePermission /authsec/*) | (javax.security.jacc.WebResourcePermission /sec/*) | (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated) | (javax.security.jacc.WebRoleRefPermission jsp User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User) | (javax.security.jacc.WebRoleRefPermission User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated) | ) | | , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive) | 2006-09-01 13:57:34,466 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null | 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.ContextPolicy] Allowed: Matched unchecked set, permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive) | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implied=true | 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true | 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true | 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject | 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null | null | <no principals> | [EMAIL PROTECTED] ( | (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*) | (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*) | (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL) | (javax.security.jacc.WebUserDataPermission /sec/*) | (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*) | (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*) | (javax.security.jacc.WebResourcePermission /authsec/*) | (javax.security.jacc.WebResourcePermission /sec/*) | (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated) | (javax.security.jacc.WebRoleRefPermission jsp User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User) | (javax.security.jacc.WebRoleRefPermission User) | (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated) | ) | | , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission personalizerecursive) | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null | 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null | Any help with what I am doing wrong/missing is greatly appreciated. pieter View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968909#3968909 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3968909 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
