I think this is correct:

Groups allow for arbitrary grouping of PSML and that's all.  They're not really 
security related, which is a point of confusion for a lot of people (rightly so, imo).

You assign roles to users; these roles determine what portlets a user can see, which 
I'll explain in a second (they can also be used for any other security check you 
wish).  Roles can also contain permissions, which I don't think are used internally in 
Jetspeed.  I use permissions largely for my own portlet Applications' security logic.

Roles are used to restrict access to portlets as I mentioned earlier.  You define a 
security-entry in any xreg file, which will have a 'reference' to a defined Role 
(allow-if role="whatever").  You can then reference these security-entries in portlet 
definitions and PSML definitions, .xreg and .psml respectively.

Here's a quick security-entry example:
<security-entry name="CMSAdminAccess">
    <meta-info>
        <title>CMS Admin Access</title>
        <description>Full access to users with the CMSAdminAccess role.</description>
    </meta-info>
    <access action="*">
        <allow-if role="CMSAdminAccess"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
            xsi:type="java:org.apache.jetspeed.om.registry.base.BaseSecurityAllow"/>
    </access>
</security-entry>

I can then use that security-entry to restrict access to my ContentAdminTools portlet:
<portlet-entry name="ContentAdminTools" hidden="false" type="ref"
        parent="CustomizerVelocity" application="true">
        <security-ref parent="CMSAdminAccess"/>
        <meta-info>
            <title>Content Administration Tools</title>
            <description>Specific Tools for Content Administration</description>
        </meta-info>
        SNIP
</portlet-entry>

I can also use that security-entry to restrict access to all CMS portlets at the page 
level (psml):
<portlets id="PS-CMSAdmin">
    <security-ref parent="CMSAdminAccess"/>
    <entry id="PE-CntUpload" parent="ContentUpload"/>
    <entry id="PE-CntTools" parent="ContentAdminTools"/>
</portlets>

Hope that is somewhat useful.
stu

>>> [EMAIL PROTECTED] 07/16/03 06:03AM >>>
Hi everyone,
I'm desperately looking for Jetspeed documentation, because I don't 
understand the group/role concepts. This is what I understood:
The groups define some shared psml for users in this group.
The role defines permissions (what is the purpose of security-IDs then?)...

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] 
For additional commands, e-mail: [EMAIL PROTECTED] 
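
An added example, not part of the original message and not Jetspeed's own code: a Python check that cross-references every security-ref in .xreg/.psml fragments against the defined security-entry names and lists the roles each entry allows per action. The sample XML is constructed from the fragments above; the wrapper root element, the ContentUpload portlet-entry and the unresolved "CMSAdmin" reference are assumptions made for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments in the message, wrapped in one
# root so they parse together. "CMSAdmin" is a deliberately unresolved reference.
SAMPLE = """<registry>
  <security-entry name="CMSAdminAccess">
    <access action="*">
      <allow-if role="CMSAdminAccess"/>
    </access>
  </security-entry>
  <portlet-entry name="ContentAdminTools" type="ref" parent="CustomizerVelocity">
    <security-ref parent="CMSAdminAccess"/>
  </portlet-entry>
  <portlet-entry name="ContentUpload" type="ref" parent="CustomizerVelocity"/>
  <portlets id="PS-CMSAdmin">
    <security-ref parent="CMSAdmin"/>
    <entry id="PE-CntUpload" parent="ContentUpload"/>
    <entry id="PE-CntTools" parent="ContentAdminTools"/>
  </portlets>
</registry>"""


def audit(xml_text):
    """Return (roles per security-entry, unresolved refs, portlet-entries without a ref)."""
    root = ET.fromstring(xml_text)
    entries = {}
    for se in root.iter("security-entry"):
        rules = {}
        for access in se.iter("access"):
            roles = sorted(a.get("role") for a in access.iter("allow-if") if a.get("role"))
            rules[access.get("action")] = roles
        entries[se.get("name")] = rules
    unresolved, no_ref = [], []
    for owner in root.iter():
        if owner.tag not in ("portlet-entry", "portlets", "entry"):
            continue
        label = owner.get("name") or owner.get("id")
        ref = owner.find("security-ref")  # direct child only
        if ref is None:
            if owner.tag == "portlet-entry":
                no_ref.append(label)  # carries no security-ref of its own
        elif ref.get("parent") not in entries:
            unresolved.append((owner.tag, label, ref.get("parent")))
    return entries, unresolved, no_ref


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A portlet-entry listed as having no reference is not necessarily open; it only means the restriction, if any, comes from somewhere other than its own definition and is worth a manual look.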