Marina,

Implementation of the role management portlet is not
complete.

Regards,

David Le Strat.
--- Marina <[EMAIL PROTECTED]> wrote:

> Randy, thanks a lot for your help! I was able to setup
> a basic access control to my portlet's view and Edit mode.
> I do have more questions on the user management in J2,
> though :)
> 
> I've created a new user, dce-admin, using the
> "Administrative Portlets" as 'admin' user. This worked
> fine, and I was able to detect this user through the
> PortletResponse.getUserPrincipal().
> I've also tried to create a new role, say
> dce-admin-role, and assign this role to the new user.
> This, unfortunately, did not work. I entered the new
> role name into the corresponding form ("Add Role") of
> the "Role Management" tab, but it was never added to
> the list of the available roles and when I tried to
> assign this role to the new user I've got an error
> from J2 complaining that this role does not exist:
> 
> ******* New Full Path: /role/dce-admin-role
> failed to add user to role: dce-admin, dce-admin-roleorg.apache.jetspeed.security.SecurityException: The role does not exist. dce-admin-role
> ******* New Full Path: /role/dce-admin-role
> 
> 
> Any idea why this is not working?
> 
> Thanks,
> Marina
> 
> 
> 
> --- Randy Watler <[EMAIL PROTECTED]> wrote:
> 
> > Marina,
> > 
> > Thanks for using the jetspeed user list!
> > 
> > Comments below.
> > 
> > Randy
> > 
> > >-----Original Message-----
> > >From: Marina
> > >To: 'Jetspeed Users List '
> > >Sent: 12/6/04 5:06 PM
> > >Subject: RE: Jetspeed2 M1 security setup (was: jetspeed-newbie Roles-Groups-Users)
> > >
> > >Hi,
> > >
> > >  I've successfully built and installed J2 M1 and was
> > >looking into the demo applications to figure out how
> > >to setup access control for portlets/pages.
> > >After checking out some example portlets, like
> > >RoleSecurityTest and Login, and their source code, I
> > >think I have some idea of how to approach the task but
> > >I would like to clarify some topics.
> > >
> > >First, I'll list my assumptions and then ask
> > >questions:
> > >
> > >1. tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security
> > > file specifies 'Edit'/'View' permissions for the
> > >default Portal's page, defined in default-page.psml
> > 
> > The /page.security file defines named security
> > constraints that can be
> > referenced here or in individual page, folder meta
> > data, link, or document
> > set documents. The scope of this file is global
> > across the entire site.
> > References take the form of
> > <global-security-constraints-ref/>, (which
> > appear only in /page.security), or
> > <security-constraints-ref/>.
> > 
> > >Thus, this part :
> > >  <security-constraints-def name="admin">
> > >    <security-constraint>
> > >      <roles>admin</roles>
> > >      <permissions>view, edit</permissions>
> > >    </security-constraint>
> > >  </security-constraints-def>
> > >means that only a user with the role 'admin' can edit
> > >the layout of the page.
> > 
> > Yes, since this fragment is referenced in a
> > <global-security-constraints-ref/>, it applies to
> > all documents in the site.
> > 
> > >And this fragment:
> > >  <security-constraints-def name="manager">
> > >    <security-constraint>
> > >      <roles>manager</roles>
> > >      <permissions>view</permissions>
> > >    </security-constraint>
> > >  </security-constraints-def>
> > >means that a user with the role 'manager' can view the
> > >page.
> > 
> > Yes, where used with a <security-constraints-ref/>.
> > 
> > >However, anybody can view this default page in reality
> > >- even before a user logs in. You don't need any
> > >special privileges to access
> > >http://localhost:8080/jetspeed to see the page.
> > >My assumption is that it is because security
> > >constraints are "overwritten" in the
> > >pages/folder.metadata file (see below). 
> > >Is that true?
> > 
> > Not exactly. The override is in the
> > default-page.psml itself, (user=*,
> > permission=view).
> > 
> > >What is the scope of the page.security definitions and
> > >where are they used?
> > 
> > See above.
> > 
> > >2. each folder under /pages directory (including
> > >/pages itself) has a folder.metadata file where more
> > ><security-constraints> are defined for that folder.
> > >For example, here is pages/folder.metadata:
> > >.....
> > >  <security-constraints>
> > >    <security-constraint>
> > >      <roles>user</roles>
> > >      <permissions>view</permissions>
> > >    </security-constraint>
> > >    <security-constraints-ref>manager</security-constraints-ref>
> > >  </security-constraints>
> > 
> > This should be commented out in M1.
> > 
> > >
> > >  <security-constraints>
> > >    <security-constraint>
> > >      <users>*</users>
> > >      <permissions>view</permissions>
> > >    </security-constraint>
> > >  </security-constraints> 
> > ></folder>
> > >And this is why all users can see the default page.
> > >(Is that true?)
> > 
> > It would be the case if default-page.psml did not
> > override on its own. To be exact, this allows all users
> > to view the folder and any content within it
> > that does not specify its own security constraints.
> > In effect, this is the site default for global pages
> > because it is defined at the root level.
> > 
> > >On the other hand, here is
> > >pages\Administrative\folder.metadata :
> > ><folder>
> > >  <title>Jetspeed Administrative Portlets</title>
> > >  <!-- allow only manager role -->
> > >  <security-constraints>
> > >    <security-constraints-ref>manager</security-constraints-ref>
> > >  </security-constraints>
> > ></folder>
> > >
> > >This folder corresponds to the "Jetspeed
> 
=== message truncated ===
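
Added example, not part of the original thread and not Jetspeed's own code: a small audit of the inline `<security-constraints>` blocks quoted above, reporting what a `<users>*</users>` constraint grants, what each role is granted, and which named definitions are referenced. The function names and the sample document are constructed for illustration, and treating `<users>` and `<roles>` as comma-separated (as `<permissions>` is in the thread) is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the folder.metadata fragments quoted in the thread.
SAMPLE = """<folder>
  <title>Sample folder</title>
  <security-constraints>
    <security-constraint>
      <users>*</users>
      <permissions>view</permissions>
    </security-constraint>
    <security-constraint>
      <roles>admin</roles>
      <permissions>view, edit</permissions>
    </security-constraint>
    <security-constraints-ref>manager</security-constraints-ref>
  </security-constraints>
</folder>"""


def _csv(elem, tag):
    """Return a child element's comma-separated values as a list (assumed format)."""
    text = elem.findtext(tag) or ""
    return [v.strip() for v in text.split(",") if v.strip()]


def audit_constraints(xml_text):
    """Summarise inline constraints and named references in one document."""
    root = ET.fromstring(xml_text)
    report = {"wildcard": [], "by_role": {}, "refs": []}
    for block in root.iter("security-constraints"):
        for c in block.findall("security-constraint"):
            perms = _csv(c, "permissions")
            if "*" in _csv(c, "users"):
                # users=* is the pattern the thread ties to the page being viewable by anyone.
                report["wildcard"].extend(perms)
            for role in _csv(c, "roles"):
                report["by_role"].setdefault(role, []).extend(perms)
        for ref in block.findall("security-constraints-ref"):
            # Named definitions live in /page.security and need checking there.
            report["refs"].append((ref.text or "").strip())
    return report


if __name__ == "__main__":
    print(audit_constraints(SAMPLE))
```

A non-empty `wildcard` list marks a document whose content is open to every user; each name in `refs` still has to be resolved against the definitions in /page.security.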



                