Thanks for the reply. I don't quite understand about profilers. I tried to by reading http://portals.apache.org/jetspeed-2/guides/guide-profiler.html , but it seems the informatioin here isn't complete and i don't understand what's already there (lil'pumpkin they call me XD). Can anyone tell me where to find a good example about what does profiling exactly do, description of all the posible rules and how to configure it?
On 2/16/06, David Sean Taylor <[EMAIL PROTECTED]> wrote: > > Armando Arteaga wrote: > > Hi: > > I have a problem with the security-constraints of Jetspeed2. I'm > testing > > the deploy that comes with the installation package. First of all, i've > > looked everywhere in j2-admin portlets and there doesn't seem to exist a > > constraint manager per portlet like there was in jetspeed 1.x. Also I > think > > there's no way to view the user pages with the manager or admin > users. The > > folder.metadata in the user folder declares the security constraints as > > follow: > > > > <security-constraints> > > <owner>user</owner> > > <security-constraints-ref>manager</security-constraints-ref> > > </security-constraints> > > > > and the page.security of the portal defines the manager ref as: > > <security-constraints-def name="manager"> > > <security-constraint> > > <roles>manager</roles> > > <permissions>view</permissions> > > </security-constraint> > > </security-constraints-def> > > > > I'm making the assumption that this means the 'admin'/'manager' user > (they > > have the 'manager' role assigned to them) could at least view the pages > > contained here, but when i'm logged in with this users and i try to view > > these pages with the link provided by the Portal Site Detail Portlet it > just > > redirects me to the previous page i was before entering the > Administrative > > Portlets. Is this the way it is supposed to work? > > > Yes > > ALSO want to point out that the Portlet Selector will filter out > portlets based on the permissions in the Jetspeed Security Policy. > Thus you can only add portlets that you have access to. > Its been debated whether we should also make this check during > rendering, probably she be optional. > > Im working on an XML version of the permissions for import/export, but > for now the only way to edit this policy is to edit the database > scripts. For example, this permission secures ALL the j2-admin portlets: > > INSERT INTO SECURITY_PERMISSION > VALUES(100,'org.apache.jetspeed.security.PortletPermission > ','j2-admin::*','view, > edit','2004-05-22 16:27:12.572','2004-05-22 16:27:12.572'); > INSERT INTO PRINCIPAL_PERMISSION VALUES(6,100); > > Future version will support editing of these permissions via the > j2-admin portlets > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
