David,

On Mon, 2006-01-16 at 15:29 -0800, David Jencks wrote:
> On Jan 16, 2006, at 1:54 PM, Randy Watler wrote:
>
> > David,
> >
> > This is indeed the case for the PageManager component. The "Permissions"
> > based solution has been implemented to allow implementors that already
> > use the Java security architecture a compliant means to apply the same
> > to J2. The "Constraints" based solution allows the implementor to
> > specify security information in the PSML files. Generally speaking, the
> > "Permissions" solution was targeted for larger users and the
> > "Constraints" solution for a less formal organization that tried to
> > minimize "touch points" for portal configuration. The "Constraints"
> > solution is far more popular and is slightly more powerful capability
> > wise.
> >
> > HTH,
>
> That helps a lot, but now I have more questions :-)
>
> I've been assuming that only the "Permissions" solution existed :-)
> and thought there must be some way that I hadn't found yet to get the
> psml based permission descriptions into the rdbms based policy. How
> wrong is this view :-) ? Does the psml-file based security only work
> with "Constraints" and the rdbms based stuff only work with
> "Permissions"?

Exactly correct. They share only the use of the troublesome J2 Subject.

> Also, could you explain what the "Constraints" can do that the
> "Permissions" can't?

Constraints provide a limited ability to deny permissions to a specific user, role, or group. AFAIK, there is no way to do this using the Permissions approach. For example, say I wanted to allow all 'managers' the ability to view a page, except those that are in the 'fired' group.

Randy

> Many thanks!
>
> david jencks
>
> > Randy
> >
> > On Mon, 2006-01-16 at 13:03 -0800, David Jencks wrote:
> >> It looks to me as if there are two security systems, one based on
> >> "SecurityConstraints" and the other on various jetspeed defined
> >> Permissions: I think you can enable or disable these in Spring
> >> configurations. They look to me from a short glance to do much the
> >> same things.
> >>
> >> Could someone explain why and if there are any plans for instance to
> >> eliminate one of them in the future? Why would I use one rather than
> >> the other?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
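
The 'managers except fired' case from the reply above, as an added example that is not part of the original thread and is not Jetspeed code or PSML syntax. It is a simplified Python model: the `Subject` class, both functions, the sample policies and the "any matching deny wins" rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model of the two approaches; not Jetspeed's API or PSML syntax.

@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset = frozenset()
    groups: frozenset = frozenset()

    def principals(self):
        """Every (kind, name) principal this subject holds."""
        held = {("user", self.user)}
        held |= {("role", r) for r in self.roles}
        held |= {("group", g) for g in self.groups}
        return held


def permissions_allow(grants, subject, action):
    """Grant-only policy: each entry can add access, none can remove it."""
    held = subject.principals()
    return any(p in held and action in actions for p, actions in grants)


def constraints_allow(constraints, subject, action):
    """Constraint list with deny entries (assumed rule: any matching deny wins)."""
    held = subject.principals()
    allowed = False
    for principal, effect, actions in constraints:
        if principal not in held or action not in actions:
            continue
        if effect == "deny":
            return False
        allowed = True
    return allowed  # no matching entry means no access


# Constructed sample policies for the 'managers except fired' case.
GRANTS = [(("role", "manager"), {"view"})]
CONSTRAINTS = [
    (("role", "manager"), "allow", {"view"}),
    (("group", "fired"), "deny", {"view"}),
]

ALICE = Subject("alice", roles=frozenset({"manager"}))
BOB = Subject("bob", roles=frozenset({"manager"}), groups=frozenset({"fired"}))
CAROL = Subject("carol")

if __name__ == "__main__":
    for s in (ALICE, BOB, CAROL):
        print(s.user, permissions_allow(GRANTS, s, "view"),
              constraints_allow(CONSTRAINTS, s, "view"))
```

In the grant-only model the only way to exclude `bob` is to stop granting to the `manager` role and enumerate the remaining managers, which is the gap the deny entry closes.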
