Enrique,
If exceptions are listed first, they should be excluded (by matching a
security-constraint without a permission). For example:
  <security-constraints>
    <security-constraint>
      <users>jetspeed</users>
    </security-constraint>
  </security-constraints>
This should have restricted ONLY the 'jetspeed' user. It appears it is
not working for you. What version of J2 are you using? I'd like to know
before I go digging to find the bug :-).
Randy
On Fri, 2006-06-30 at 12:09 +0200, Enrique Perez wrote:
> Hi Martin,
>
> I've been "playing" a little bit with security constraints in fragments
> and what I've grasped is that once you've allowed access to some
> "principals" to the page (by any means: user list, group list, role
> list), it is impossible to deny access to any "principal" that is
> included in the granted access list. Am I wrong?
>
> What I was trying to achieve was: excluding specific people from a portlet
> that have access granted to the page. That way, some people could access
> some info that others don't in the same tab...
>
> Regards,
> Enrique
>
>
>
> > -----Original Message-----
> > From: Martin Dulisch [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, June 29, 2006 22:19
> > To: Jetspeed Users List
> > Subject: Re: Security constraints for fragments
> >
> > Hi Enrique,
> >
> > try this with users that do not have the manager or admin role. These
> > users see everything. This is what I have tested.
> >
> > Martin
> >
> >
> > 2006/6/29, Enrique Pérez <[EMAIL PROTECTED]>:
> > > Hi,
> > >
> > > As far as I can understand from documentation
> > > (http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html),
> > > it's possible to apply some restrictions to fragments inside
> > > a "psml page" just by writing a list of security constraints in the
> > > fragment definition.
> > > In order to try this feature, I've made a testing psml page accessible
> > > just for users with role="manager". Inside it, there is a portlet whose
> > > access is supposed to be denied for user "jetspeed" (though user
> > > "jetspeed" has the manager role):
> > >
> > > <page>
> > >   …
> > >   <fragment id="hidd-p-03" type="portlet"
> > >             name="j2-admin::UserDetailsPortlet">
> > >     <property name="row" value="1"/>
> > >     <property name="column" value="1"/>
> > >     <security-constraints>
> > >       <security-constraint>
> > >         <users>jetspeed</users>
> > >       </security-constraint>
> > >     </security-constraints>
> > >   </fragment>
> > >   …
> > >   <security-constraints>
> > >     <security-constraints-ref>level-0b</security-constraints-ref>
> > >   </security-constraints>
> > > </page>
> > >
> > >
> > > where "level-0b" is defined in "page.security":
> > > …
> > > <security-constraints-def name="level-0b">
> > >   <security-constraint>
> > >     <users>admin</users>
> > >   </security-constraint>
> > >   <security-constraint>
> > >     <roles>manager</roles>
> > >     <permissions>view</permissions>
> > >   </security-constraint>
> > > </security-constraints-def>
> > > …
> > >
> > >
> > > Can anyone tell me what I'm doing wrong? Did anyone try this before?
> > >
> > > Thanks in advance,
> > > Enrique
> > >
> > >