Armando Arteaga wrote:
Hi:
I have a problem with the security-constraints of Jetspeed2. I'm testing
the deploy that comes with the installation package. First of all, i've
looked everywhere in j2-admin portlets and there doesn't seem to exist a
constraint manager per portlet like there was in jetspeed 1.x. Also I think
there's no way to view the user pages with the manager or admin users. The
folder.metadata in the user folder declares the security constraints as
follow:
<security-constraints>
<owner>user</owner>
<security-constraints-ref>manager</security-constraints-ref>
</security-constraints>
and the page.security of the portal defines the manager ref as:
<security-constraints-def name="manager">
<security-constraint>
<roles>manager</roles>
<permissions>view</permissions>
</security-constraint>
</security-constraints-def>
I'm making the assumption that this means the 'admin'/'manager' user (they
have the 'manager' role assigned to them) could at least view the pages
contained here, but when i'm logged in with this users and i try to view
these pages with the link provided by the Portal Site Detail Portlet it just
redirects me to the previous page i was before entering the Administrative
Portlets. Is this the way it is supposed to work?
Yes
ALSO want to point out that the Portlet Selector will filter out
portlets based on the permissions in the Jetspeed Security Policy.
Thus you can only add portlets that you have access to.
Its been debated whether we should also make this check during
rendering, probably she be optional.
Im working on an XML version of the permissions for import/export, but
for now the only way to edit this policy is to edit the database
scripts. For example, this permission secures ALL the j2-admin portlets:
INSERT INTO SECURITY_PERMISSION
VALUES(100,'org.apache.jetspeed.security.PortletPermission','j2-admin::*','view,
edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572');
INSERT INTO PRINCIPAL_PERMISSION VALUES(6,100);
Future version will support editing of these permissions via the
j2-admin portlets
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
