Hi Martin, I've been "playing" a little bit with security constraints in fragments and what I've grasped is that once you've allowed access to some "principals" to the page (by any means: user list, group list, role list), it is impossible to deny access to any "principal" that is included in the granted access list. Am I wrong?
What I was trying to achieve was: excluding specific people to a portlet that have access granted to the page. That way, some people could access to some info that others don't in the same tab... Regards, Enrique > -----Mensaje original----- > De: Martin Dulisch [mailto:[EMAIL PROTECTED] > Enviado el: jueves, 29 de junio de 2006 22:19 > Para: Jetspeed Users List > Asunto: Re: Security constraints for fragments > > Hi Enrique, > > try this with users that do not have the manager or admin role. These > user see everything. This is what I have tested. > > Martin > > > 2006/6/29, Enrique Pérez <[EMAIL PROTECTED]>: > > Hi, > > > > As far as I can understand from documentation > > (http://portals.apache.org/jetspeed-2/guides/guide-security-declarative- > > psml.html), it's possible to apply some restrictions to fragments inside > > a "psml page" just by writing a list of security constraints in the > > fragment definition. > > In order to try this feature, I've made a testing psml page accessible > > just for users with role="manager". Inside it, there is a portlet whose > > access is supposed to be denied for user "jetspeed" (though user > > "jetspeed" has the manager role): > > > > <page> > > > > <fragment id="hidd-p-03" type="portlet" > > name="j2-admin::UserDetailsPortlet"> > > <property name="row" value="1"/> > > <property name="column" value="1"/> > > <security-constraints> > > <security-constraint> > > <users>jetspeed</users> > > </security-constraint> > > </security-constraints> > > </fragment> > > > > <security-constraints> > > > > <security-constraints-ref>level-0b</security-constraints-ref> > > </security-constraints> > > </page> > > > > > > where "level-0b" is defined in "page.security": > > > > <security-constraints-def name="level-0b"> > > <security-constraint> > > <users>admin</users> > > </security-constraint> > > <security-constraint> > > <roles>manager</roles> > > <permissions>view</permissions> > > </security-constraint> > > </security-constraints-def> > > > > > > > > Can anyone tell me what I'm doing wrong? Did anyone try this before? > > > > Thanks in advance, > > Enrique > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
