Randy,

Thanks a lot for your response. I indeed have more specific questions on the security setup in J2. I should note right away that I apologize if these questions are answered in the documentation you mentioned - I was not able to read it as it seems to be in the .sxw format (StarOffice, I think?). Any idea how to convert them into some other format if I don't have StarOffice readily available?

Now to my questions. I'm trying to do a very common thing: require a user to log in when he accesses the portal for the first time, and then show only those portlets that this user is authorized to see, and give him only those access rights to some functionality (buttons, links in the portlets) that he is authorized to do.

First off, I was not sure how to limit access to the portal as a whole - usually you do that kind of thing in the web.xml descriptor of the web application. I guess that would be the $TOMCAT_HOME/webapps/jetspeed/WEB-INF/web.xml. But then, would not it be overwritten when Jetspeed is redeployed using the Maven build scripts? And what <url-pattern> would I have to specify - /jetspeed/* or something like that?

Anyway, I decided to try to protect the main portlet as the first step. In my portlet's web.xml I specified:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure EventCalendar</web-resource-name>
            <url-pattern>/EventsCalendarPortlet/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>dce_admin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <role-name>dce_admin</role-name>
    </security-role>

and I have a corresponding role defined in the tomcat-users.xml:

    <role rolename="dce_admin"/>
    <user username="dce_admin" password="some_password" roles="dce_admin"/>

Since I could not find any Jetspeed-specific information on specifying security constraints for individual portlets, I just used the Portlet Specification as the guide and added this to the portlet's portlet.xml:

    <security-role-ref>
        <role-name>dce_admin</role-name>
        <role-link>dce_admin</role-link>
    </security-role-ref>

The EventsCalendarPortlet got deployed into J2 just fine, but it was displayed in the portal without prompting me for any username/password.

If you could give me any pointers as to what I'm missing and what would the main steps be to achieve what I'm trying to do it would be great!

Sorry for such a long e-mail, thanks!
Marina

--- Randy Watler <[EMAIL PROTECTED]> wrote:

> MP,
>
> I am more or less responsible for the J2 profiling and security features.
>
> There is some documentation in the J2 design-docs under the profiler
> directory, (pull from CVS).
>
> Also the demo configuration for user/user, (username=user, password=user),
> uses profiling extensively to customize its view and security to limit its
> access to the admin pages/portlets.
>
> BTW, this functionality is page based, not portlet based. Portlet security
> constraints can be specified in the portlet.xml, but I am not sure if they
> are 100% implemented at this point.
>
> Feel free to send more specific J2 questions to the list.
>
> HTH,
>
> Randy Watler
>
> -----Original Message-----
> From: M P
> To: Jetspeed Users List
> Sent: 11/27/04 12:10 PM
> Subject: Re: jetspeed-newbie Roles-Groups-Users
>
> Hi, David,
>
> The documentation you mentioned is for Jetspeed 1. Is it also true for
> Jetspeed2? If not - could you point me to where I could find it for J2?
> I looked through all documentation on the J2 home page and Wikis and
> could not find anything on how to control access to specific portlets
> based on user roles/groups.
>
> Thank you!
> Marina
>
> --- David Sean Taylor <[EMAIL PROTECTED]> wrote:
>
> > Thilina wrote:
> >
> > > Hi,
> > > I need to do following thing using the jetspeed,
> > >
> > > Creating......
> > > 3 roles - Admin, Executive, Developer
> > > 2 Groups - Administration, Users
> > > 100 of users - CEO, CFO, admin, aaa, bbb, ccc, etc........
> > >
> > > Setting............
> > > Admin and Executive belongs to Administrative Group
> > > Developer belongs to Users Group
> > >
> > > CEO and CFO are Executive Roles
> > > admin user belongs to Admin role
> > > aaa, bbb, ccc, etc.... belongs to Developer role
> > >
> > > Users group only have rights to view the information.
> > > Admin role have all the control except viewing some confidential
> > > information such as Banking and Finance information. Only CEO and CFO
> > > have rights to access those information.
> > >
> > > Admin could lock and unlock account except CEO and CFO.
> > >
> > > Is this kind of activity achievable using jetspeed 1.5?
> > >
> > Yes.
> > To see the User Admin, go here:
> >
> > http://wwww.bluesunrise.com/jetspeed
> >
> > login as user = admin, pw = (send me an email personally to get it)
> >
> > Go to the security tab, and then "Security Browser"
> > Here you can see how to setup security constraints
> >
> > You will also see how to administer roles, groups and users here.
> >
> > Also, docs are here:
> >
> > http://portals.apache.org/jetspeed-1/security.html#Registry_Access_Control
> >
> > --
> > David Sean Taylor
> > Bluesunrise Software
> > [EMAIL PROTECTED]
> > [office] +01 707 773 4646
> > [mobile] +01 707 529 9194
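
Added example, not part of the original thread and not Jetspeed code: a small Python check run over the web.xml fragment from the message, flagging what the descriptor leaves open for direct requests to the portlet web application (the servlet container does not apply these constraints to RequestDispatcher includes). The `<web-app>` wrapper, the `audit` function and the finding names are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Descriptor fragment from the message, wrapped in a <web-app> root (assumed).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure EventCalendar</web-resource-name>
      <url-pattern>/EventsCalendarPortlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>dce_admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>dce_admin</role-name></security-role>
</web-app>"""

ALL_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}

def local(tag):
    """Strip an XML namespace prefix, if the descriptor declares one."""
    return tag.rsplit("}", 1)[-1]

def find(node, name):
    return [e for e in node.iter() if local(e.tag) == name]

def texts(node, name):
    return [(e.text or "").strip() for e in find(node, name)]

def audit(xml_text):
    """Return (finding, url-patterns, detail) tuples for a web.xml document."""
    root = ET.fromstring(xml_text)
    declared = {r for sr in find(root, "security-role") for r in texts(sr, "role-name")}
    basic = "BASIC" in texts(root, "auth-method")
    findings = []
    for sc in find(root, "security-constraint"):
        patterns = texts(sc, "url-pattern")
        methods = set(texts(sc, "http-method"))
        roles = {r for ac in find(sc, "auth-constraint") for r in texts(ac, "role-name")}
        # Listing <http-method> limits the constraint to those methods only.
        if methods:
            findings.append(("unlisted-methods", patterns, sorted(ALL_METHODS - methods)))
        # BASIC sends credentials base64-encoded; require TLS for these URLs.
        if basic and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append(("basic-without-tls", patterns, []))
        # Roles used in a constraint should be declared in <security-role>.
        for role in sorted(roles - declared - {"*"}):
            findings.append(("undeclared-role", patterns, [role]))
    return findings

if __name__ == "__main__":
    for finding in audit(WEB_XML):
        print(finding)
```

Dropping the `<http-method>` elements and adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` clears both findings for this fragment.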