[
https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ate Douma reopened JS2-1263:
----------------------------
I added a bit too much redundant psml level constraints on these admin portlets
for where their psml folders already enforced this by inheritance.
For the 'classic' (portal) demo pages however, these are needed as that demo
configuration allows access to both admin and manager role to the
Administration portlets by default (folder level constraint).
Note: these psml constraints are not so much needed to enforce the 'locking
down' of these portlets, only to prevent rendering the 'Access Denied' message
on their Portlet Window if a user is not allowed to *execute* the portlet. With
these psml constraints the portlet window won't be rendered at all.
> Hardening j2-admin security by restricting access to hot deployment and
> portlet metadata features to admin role only
> --------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-1263
> URL: https://issues.apache.org/jira/browse/JS2-1263
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: Admin Portlets
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-dev-h...@portals.apache.org
