portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Taylor <davidseantay...@gmail.com>
Subject Re: svn commit: r1178678 - in /portals/jetspeed-2: applications/j2-admin/trunk/src/main/webapp/WEB-INF/ portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/ portal/trunk/applications/jetspeed/src/main/weba
Date Tue, 04 Oct 2011 16:51:58 GMT
On Tue, Oct 4, 2011 at 4:50 AM, Ate Douma <ate@douma.nu> wrote:
> On 10/04/2011 01:28 PM, Ate Douma wrote:
>>
>> On 10/04/2011 09:17 AM, David Taylor wrote:
>>>
>>> Ate,
>>>
>>> Why are you adding all of these security-constraints-refs to the pages
>>> if the folder already has the exact same security-constraints-ref? The
>>> security constraint is inherited from the folder and the page
>>> constraints are unnecessary
>>>
>>>> +<security-constraints>
>>>> +<security-constraints-ref>admin</security-constraints-ref>
>>>> +</security-constraints>
>>>
>> David, you are right: for most of these this actually isn't needed as the
>> inherited folder security constraints already will enforce it.
>>
>> With one exception though: the demo pages for the classic (portal) ui
>> still has
>> everything in one folder (/Administrative) using
>> <security-constaints-ref>manager</security-constraints-ref>
>>
>> Because of that use-case (which I think is a valid and good example, not
>> sure
>> why that was removed from the jetui demo configuration), I had to enforce
>> these
>> constraints on psml page level there.
>> And because it was late I simply applied the same change on every psml
>> reference
>> for these 'locked down' portlets.
>>
>> I can remove these changes where they are redundant, now, but if/when we
>> would
>> add a manager role to the jetui demo similar to the classic demo pages,
>> these
>> extra constraints would be needed.
>>
>> WDYT?
>
> On second thoughts: I think its actually quite nice we have such different
> demo configurations, the 'classic' one showing both admin and manager access
> usages to the administrative portlets, while the jetui demo showing a much
> more 'tuned' variant with only delegated user security on the devmgr role.
>
> So I think I like to keep it as is, and therefore will remove the redundant
> psml constraints again, except for the 'classic' demo psml which really does
> need them.
>
> Thanks for pointing it out David!
>
+1

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message