Xavier Michel wrote: >Hi, > >When the user "toto" logs in, Jetspeed will dynamically check the psml file >user/toto/default.psml. > >I try to protect the explicitly invoke >http://host:8080/jetspeed/portal/user/toto > >Same thing for http://host:8080/jetspeed/portal/group/apache and >http://host:8080/jetspeed/portal/permission/foo > >Something is parametrable in the conf. ? > This depends on the version you are running. There are partial implementations of security, although I think nothing regarding PSML.
I'm currently working in securing psml in cvs. I will commit shortly the security for portletsets, which include the psml access. I will post first a proposal in jetspeed-dev, since the changes involved some changes in the way PSML is looked for in jetspeed. Expect this feature to be out and tested by Jetspeed 1.3 By the way, when the proposal is out and implemented, I will require you people to try to break it in all imaginable ways, to make sure we have not oversight anything. > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
