portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Sean Taylor" <da...@bluesunrise.com>
Subject RE: Security and Object Model
Date Thu, 25 Apr 2002 16:37:50 GMT
> If you decide to go ahead with this change, would it be possible to
get a CVS tag on the current stable codeset?  > Things seem pretty good
from what I've seen and I would like to be able to move ahead building
on top of the 

Im with you ;)

> If security is only checked during customization, what 
> happens if the administrator revokes a permission/role/group 
> later?  If a change is made that takes the user's right to a 
> portlet away later, won't checking security only at 
> customization miss this?

If a permission is revoked, the portlet would be removed at that time.
You can argue that there is a lot overhead there, but my argument is
that there is too much overhead in checking security with every request.
Perhaps a compromise would be to make the security check once per
session, and cache it. 




--
To unsubscribe, e-mail:   <mailto:jetspeed-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:jetspeed-dev-help@jakarta.apache.org>


Mime
View raw message