Hi, Randy. I'm using Jetspeed2 (version 2.0), built with Maven 1.0.2. But I'm not sure this would be a J2 bug, it's most likely that I'm doing something wrong =) I attach my files in case any of you see something weird.
Thanks for your help. Regards > -----Mensaje original----- > De: Randy Watler [mailto:[EMAIL PROTECTED] > Enviado el: lunes, 03 de julio de 2006 0:41 > Para: Jetspeed Users List > Asunto: RE: Security constraints for fragments > > Enrique, > > If exceptions are listed first, they should be excluded, (by matching a > security-constraint with out a permission). For example: > > <security-constraints> > <security-constraint> > <users>jetspeed</users> > </security-constraint> > </security-constraints> > > This should have restricted ONLY the 'jetspeed' user. It appears it is > not working for you. What version of J2 are you using? I'd like to know > before I go digging to find the bug :-). > > Randy > > On Fri, 2006-06-30 at 12:09 +0200, Enrique Perez wrote: > > Hi Martin, > > > > I've been "playing" a little bit with security constraints in fragments > > and what I've grasped is that once you've allowed access to some > > "principals" to the page (by any means: user list, group list, role > > list), it is impossible to deny access to any "principal" that is > > included in the granted access list. Am I wrong? > > > > What I was trying to achieve was: excluding specific people to a portlet > > that have access granted to the page. That way, some people could access > > to some info that others don't in the same tab... > > > > Regards, > > Enrique > > > > > > > > > -----Mensaje original----- > > > De: Martin Dulisch [mailto:[EMAIL PROTECTED] > > > Enviado el: jueves, 29 de junio de 2006 22:19 > > > Para: Jetspeed Users List > > > Asunto: Re: Security constraints for fragments > > > > > > Hi Enrique, > > > > > > try this with users that do not have the manager or admin role. These > > > user see everything. This is what I have tested. > > > > > > Martin > > > > > > > > > 2006/6/29, Enrique Pérez <[EMAIL PROTECTED]>: > > > > Hi, > > > > > > > > As far as I can understand from documentation > > > > > > (http://portals.apache.org/jetspeed-2/guides/guide-security-declarative- > > > > psml.html), it's possible to apply some restrictions to fragments > > inside > > > > a "psml page" just by writing a list of security constraints in the > > > > fragment definition. > > > > In order to try this feature, I've made a testing psml page > > accessible > > > > just for users with role="manager". Inside it, there is a portlet > > whose > > > > access is supposed to be denied for user "jetspeed" (though user > > > > "jetspeed" has the manager role): > > > > > > > > <page> > > > > > > > > <fragment id="hidd-p-03" type="portlet" > > > > name="j2-admin::UserDetailsPortlet"> > > > > <property name="row" value="1"/> > > > > <property name="column" value="1"/> > > > > <security-constraints> > > > > <security-constraint> > > > > <users>jetspeed</users> > > > > </security-constraint> > > > > </security-constraints> > > > > </fragment> > > > > > > > > <security-constraints> > > > > > > > > <security-constraints-ref>level-0b</security-constraints-ref> > > > > </security-constraints> > > > > </page> > > > > > > > > > > > > where "level-0b" is defined in "page.security": > > > > > > > > <security-constraints-def name="level-0b"> > > > > <security-constraint> > > > > <users>admin</users> > > > > </security-constraint> > > > > <security-constraint> > > > > <roles>manager</roles> > > > > <permissions>view</permissions> > > > > </security-constraint> > > > > </security-constraints-def> > > > > > > > > > > > > > > > > Can anyone tell me what I'm doing wrong? Did anyone try this before? > > > > > > > > Thanks in advance, > > > > Enrique > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
