I think this is correct:

Groups allow for arbitrary grouping of PSML and that's all. They're not really
security related, which is a point of confusion for a lot of people (rightly so, imo).

You assign roles to users; these roles determine what portlets a user can see, which
I'll explain in a second (they can also be used for any other security check you
wish). Roles can also contain permissions, which I don't think are used internally in
Jetspeed. I use permissions largely for my own portlet Applications' security logic.

Roles are used to restrict access to portlets as I mentioned earlier. You define a
security-entry in any xreg file, which will have a 'reference' to a defined Role
(allow-if role="whatever"). You can then reference these security-entries in portlet
definitions and PSML definitions, .xreg and .psml respectively.

Here's a quick security-entry example:
<security-entry name="CMSAdminAccess">
    <meta-info>
        <title>CMS Admin Access</title>
        <description>Full access to users with the CMSAdminAccess role.</description>
    </meta-info>
    <access action="*">
        <allow-if role="CMSAdminAccess"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:type="java:org.apache.jetspeed.om.registry.base.BaseSecurityAllow"/>
    </access>
</security-entry>
I can then use that security-entry to restrict access to my ContentAdminTools portlet:
<portlet-entry name="ContentAdminTools" hidden="false" type="ref"
    parent="CustomizerVelocity" application="true">
    <security-ref parent="CMSAdminAccess"/>
    <meta-info>
        <title>Content Administration Tools</title>
        <description>Specific Tools for Content Administration</description>
    </meta-info>
    SNIP
</portlet-entry>
I can also use that security-entry to restrict access to all CMS portlets at the page
level (psml)
<portlets id="PS-CMSAdmin">
    <security-ref parent="CMSAdminAccess"/>
    <entry id="PE-CntUpload" parent="ContentUpload"/>
    <entry id="PE-CntTools" parent="ContentAdminTools"/>
</portlets>
Hope that is somewhat useful.
stu
>>> [EMAIL PROTECTED] 07/16/03 06:03AM >>>
Hi everyone,
I'm desperately looking for Jetspeed documentation, because I don't
understand the group/role concepts. That's what I understood:
The groups define some shared psml for users in this group.
The role defines permissions (what is the purpose of security-IDs then?)...
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
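
Added example, not part of the original messages and not Jetspeed code: a small Python check that every security-ref in a set of .xreg and .psml documents names a security-entry that is actually defined, since the reference is tied to the entry only by its name. The sample documents are constructed, and the <registry> wrapper element and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed registry fragment modelled on the snippets in the message.
# The <registry> wrapper element is an assumption.
XREG = """
<registry>
  <security-entry name="CMSAdminAccess">
    <access action="*">
      <allow-if role="CMSAdminAccess"/>
    </access>
  </security-entry>
  <portlet-entry name="ContentAdminTools" type="ref" parent="CustomizerVelocity">
    <security-ref parent="CMSAdminAccess"/>
  </portlet-entry>
</registry>
"""

# Constructed PSML fragment whose page-level reference names no defined entry.
PSML = """
<portlets id="PS-CMSAdmin">
  <security-ref parent="CMSAdmin"/>
  <entry id="PE-CntTools" parent="ContentAdminTools"/>
</portlets>
"""

def defined_entries(xreg_docs):
    """Names of every security-entry defined across the registry documents."""
    names = set()
    for doc in xreg_docs:
        for entry in ET.fromstring(doc).iter("security-entry"):
            names.add(entry.get("name"))
    return names

def dangling_refs(xreg_docs, psml_docs):
    """List (owner tag, owner name or id, parent) for each unresolved security-ref."""
    known = defined_entries(xreg_docs)
    problems = []
    for doc in list(xreg_docs) + list(psml_docs):
        for owner in ET.fromstring(doc).iter():
            # security-ref is a direct child of the element it protects
            for ref in owner.findall("security-ref"):
                if ref.get("parent") not in known:
                    label = owner.get("name") or owner.get("id")
                    problems.append((owner.tag, label, ref.get("parent")))
    return problems

if __name__ == "__main__":
    for tag, label, parent in dangling_refs([XREG], [PSML]):
        print(f"{tag} {label!r}: security-ref parent={parent!r} is not defined")
```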