You shouldnt have to edit the jetspeed-macros
From reading your email, Im not sure why your pages are not being
secured properly. Perhaps if you could send the page.security,
folder.metadata, and *.psml files to the list we can review them for you
Enrique Pérez wrote:
Hi all,
I want the portal to display some tabs and hide others based on some
user information. My intention is to hide some tabs if the user does not
have enough permission.
As I see it, after reading documentation, there are two different
approaches:
- configuring some "security constraint" in the "tab-denied.psml" that
grant access only to specific users/roles/groups.
- or creating some menu that contains that pages, and subtracting them
from the default menu "pages" with an "exclude" tag after some kind of
Velocity check.
Am I wrong?
I've been trying the first one, but I think I miss something with
security constraints tags. I've defined some security constraints based
on user's role in "page.security" file. In addition, I've created a
"hidden.psml" with a security constraint reference to "admin" (that
grants all permissions to role admin), so I thought this tab would not
display 'til some user with role "admin" logs in the system. But what I
got was the opposite effect: this "hidden" tab displays with guest user,
and disappears when I log in as "admin/admin" ¿? I don't understand
[Note: I only have the root folder "web-inf/pages" with the following
files: "page.security", "folder.metadata", "tab1.psml", "tab2.psml",
"tab3.psml" and "hidden.psml".]
Should I modify the macro "IncludeTabsNavigation", and check user
permissions with Velocity before rendering content? Is it possible to
retrieve user/server information (like user name, role, permissions...
or date on server) using a velocity macro and jetspeed api?? I've tried
this combination:
In "jetspeed-macros.vm" I've added at the end of
"defineLayoutObjects" macro:
#set($user =
$request.getAttribute("org.apache.jetspeed.security.UserPrincipal"))
And then in header.vm I've used it to get the user name like
this:
#set($username = $user.getName())
<div>Username: $!{username}</div>
But I think $username is always "null" because it displays nothing
(well, it displays "Username:")
In addition, I also tried to apply some security constraint to a
fragment in "tab1.psml", but the portlet still displays. I've done this:
<fragment id="xxx" type="portlet" name="yyy">
<property layout="TwoColumns" name="row" value="1"/>
<property layout="TwoColumns" name="column" value="1"/>
<security-constraints>
<security-constraints-ref>admin</security-constraints-ref>
</security-constraints>
</fragment>
I'm also trying to use some especial characters (some of the characters
listed in this page "http://www.w3schools.com/tags/ref_urlencode.asp"; in
the section "URL-encoding %90 to %ff"), but I'm not able to use them
inside a psml file. My first attempt was to use html code like &xxxx;
but & seems to be a special character for psml files. How could I use
these characters inside psml?
Thanks in advance,
Enrique
PS: maybe my questions/doubts are really stupid but I'm new to J2 and
I'm a little bit lost... =S
--
David Sean Taylor
Bluesunrise Software
[EMAIL PROTECTED]
[office] +01 707 773-4646
[mobile] +01 707 529 9194
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
