incubator-graffito-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject Re: Graffito build for Jetspeed-2 M4-SNAPSHOT
Date Mon, 26 Sep 2005 21:26:08 GMT
Christophe Lombart wrote:

>Maybe it is a regression. Are you using the subproject
>'jetspeed2-deploy' to deploy into J2 ? See in this subproject, there
>are some xml file uses to deploy the application.
>
Yes, I am using this project to deploy, albeit modified for M4.

>
>Let me know if you need help. I don't know if I can access to your
>modifications somewhere.
>
Here is the deal:

The Graffito Browser is adding these objects to the RdbmsPolicy store:

org.apache.portals.graffito.model.pemission.impl.CmsPermissionImpl

While these appear to be correctly specified and stored by the browser, 
the Graffito
security implementation is creating permission instances of this class 
type and
sending these to the AccessController.checkPermission():

org.apache.portals.graffito.security.impl.CmsPermissionImpl

See 
components/src/java/org/apache/portals/graffito/security/impl/GraffitoAction.java.

Unless I am missing something, the new permissions will not be seen by
java security because the class types do not match. Of course, the initial
setup/deploy has permissions granted to /role/admin using the
org.apache.portals.graffito.security.impl.CmsPermissionImpl class and
these work as expected.

Did I miss some configuration that tells the Graffito Browser to use the
security vs. model implementations? Am I missing some nuance of java
security that would allow the model implementations to be read?

Randy

>
>Thanks, 
>Christophe 
>
>  
>


Mime
View raw message