On Thu, 2006-01-12 at 20:31 -0800, Tiwari, Sunil Kumar wrote: > Hi, > > I was looking into the access control in jetspeed2 and I noticed that it uses > JAAS Authorization to provide this. > This link is useful for this: > http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/atz-jaas.html > > I have some questions here: > > 1) Can we define more customized roles like privileged users apart from the > existing roles like user, manager, admin etc? Yes. Roles are defined and configured using the role management admin portlet.
> 2) I think portlet level access control is not provided. Correct me if I am > wrong. If I create a simple user then he doesnt have edit options neither at > page level nor at > portlet level where as a user as an admin has all. What if I dont want the > user to have edit option for the page but for some of the portlets on the > page? > How can it be achieved? - Portlet level access can be controlled by the isUserInRole() JSR-168 API within the portlet itself. - Portlets visible in the customizer portlet selector are configured via PortletPermissions. - Page Fragments visibility can be further constrained using security constraints on the individual Fragments. Edit permissions for Fragments are currently inherited by the Page. So, I do not think what you are asking for is currently supported. There is an open JIRA issue on the current limitations... feel free to add your requirements to the comments: https://issues.apache.org/jira/browse/JS2-354 > 3) How to integrate Spring’s ACEGI security access framework with jetspeed2? Not sure. David Taylor looked into ACEGI some time ago, but I dont recall what the outcome was. As usual, try searching the lists :-). > > Thanks in advance, > -Sunil > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
