portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (Reopened) (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] [Reopened] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
Date Tue, 04 Oct 2011 11:55:34 GMT

     [ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ate Douma reopened JS2-1263:
----------------------------


I added a bit too much redundant psml level constraints on these admin portlets for where
their psml folders already enforced this by inheritance.
For the 'classic' (portal) demo pages however, these are needed as that demo configuration
allows access to both admin and manager role to the Administration portlets by default (folder
level constraint).

Note: these psml constraints are not so much needed to enforce the 'locking down' of these
portlets, only to prevent rendering the 'Access Denied' message on their Portlet Window if
a user is not allowed to *execute* the portlet. With these psml constraints the portlet window
won't be rendered at all.
                
> Hardening j2-admin security by restricting access to hot deployment and portlet metadata
features to admin role only
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-1263
>                 URL: https://issues.apache.org/jira/browse/JS2-1263
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Admin Portlets
>    Affects Versions: 2.2.1
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2.2
>
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message