You are right, but that's not enough to ensure the authorization parts for a
portlet.
As a result we are needing a new layer to control access to the
functionality of the
portlets.
In a simple scenario it is feasible to store the roles in Turbine, but we
don't use
Turbine. In our landscape we are using several systems, which are coubled to
the user
management. All are bringing their own roles, which are aggregated inside of
the
user management to user roles. As a result there are roles, which are not
related to
JetSpeed.
As a result I agree: if you are using JetSpeed in a simpler system landscape
with
Turbine it's not necessary to store seperated roles. But still we are
needing an API
to retrieve all existing roles: for the UI. Here you have to display a list
of all
available roles to the user. All interfaces in Turbine I've seen are able to
retrieve
the roles of *one* user, but not all existing roles for JetSpeed. Have I
missed some
APIs ?
-----Original Message-----
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 22. August 2000 08:48
To: JetSpeed
Subject: Re: PROPOSAL: role-based authorization concept
dude...roles are already implemented in turbine...just use that.
-jon
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
