On 26 Oct 2011, at 19:05, Raminderjeet Singh wrote: > Portals may need both. We should make this configurable based on a property > and when admin is setting up the portal can select the property. In case > admin authorization is required we can add a page to display that user > account is not active.
Wouldn't it be more useful to disable registration in that case rather than enable registration, but have it not work? I think self-registration is something that should be configurable (with the default as enabled). However once a user has successfully registered (having gone through the usual bot-detection process), I don't see a problem with immediately granting a basic access role. So I'm +1 on option #2. > > Thanks > Raminder > > > On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote: > >> It appears that right now when a new user registers in Rave, they do not get >> any granted authority roles (including the all-important ROLE_USER). So a >> new user creates their account, then tries to login, and gets a 403 >> forbidden. Is this the behavior we want, where all new users must have the >> ROLE_USER applied manually by an admin, or do we want to automatically give >> ROLE_USER to new user accounts so they can login? >> >> My vote would be for #2 (give them ROLE_USER automatically) but what do >> others think? >> >> Thanks, Tony >> >> --- >> Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & Maint >> e: [email protected]<mailto:[email protected]> | v: 781.271.2432 | f: >> 781.271.3299 >> The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420 >> >
