For the demo portal giving new users the ROLE_USER automatically is okay. I agree with Raminder that it should be configurable. Managing this setting should be done through the admin interface ( http://incubator.apache.org/rave/documentation/admin-interface.html) so it can be changed at runtime.
On 26 October 2011 20:05, Raminderjeet Singh <[email protected]>wrote: > Portals may need both. We should make this configurable based on a property > and when admin is setting up the portal can select the property. In case > admin authorization is required we can add a page to display that user > account is not active. > > Thanks > Raminder > > > On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote: > > > It appears that right now when a new user registers in Rave, they do not > get any granted authority roles (including the all-important ROLE_USER). So > a new user creates their account, then tries to login, and gets a 403 > forbidden. Is this the behavior we want, where all new users must have the > ROLE_USER applied manually by an admin, or do we want to automatically give > ROLE_USER to new user accounts so they can login? > > > > My vote would be for #2 (give them ROLE_USER automatically) but what do > others think? > > > > Thanks, Tony > > > > --- > > Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & > Maint > > e: [email protected]<mailto:[email protected]> | v: 781.271.2432 | > f: 781.271.3299 > > The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420 > > > >
