portals-jetspeed-user mailing list archives

From "Tiwari, Sunil Kumar" <c_sti...@qualcomm.com>
Subject RE: access control in jetspeed2 and integration with Spring's ACEGI security access framework
Date Fri, 13 Jan 2006 07:54:03 GMT
Thanks Randy!

I have updated the JIRA issue JS2-354:

"From a user perspective, it's better if no content is displayed. It should appear like the
portlet doesn't exist at all, i.e. the user doesn't know about the portlet on the page.
If we display some message like "Access Forbidden" then it may be confusing or irritating
from the end user's point of view. The user may want to enquire about the portlet in question
which is not a good idea.

For example, I have a page with 10 portlets on it. There are 3 groups of users. One group
can see all the portlets, the other one only 8 portlets and the last group can see only 5
portlets.
Now the page should appear normal, I mean, without any error message, to all the groups of
users i.e. the page properly adjusted for each group.

The advantage is that you have only one page with all the portlets on it but still serving
to different sets of users with access to different subsets of all the portlets."



Could you elaborate a little on customizer portlet selector?
You said that edit permissions for Fragments are currently inherited by the Page. How to change
this inheritance if it is allowed?

And I tried searching the list for David Taylor's comment on Spring's Acegi integration with
jetspeed2 without any luck :(
If you have any idea about it, please post it.

Thanks,
Sunil

-----Original Message-----
From: Randy Watler [mailto:watler@wispertel.net]
Sent: Thu 1/12/2006 9:03 PM
To: Jetspeed Users List
Subject: Re: access control in jetspeed2 and integration with Spring's ACEGI security access framework
 
On Thu, 2006-01-12 at 20:31 -0800, Tiwari, Sunil Kumar wrote:
> Hi,
> 
> I was looking into the access control in jetspeed2 and I noticed that it uses JAAS Authorization to provide this.
> This link is useful for this: http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/atz-jaas.html
> 
> I have some questions here:
> 
> 1) Can we define more customized roles like privileged users apart from the existing roles like user, manager, admin etc?
Yes. Roles are defined and configured using the role management admin
portlet.

> 2) I think portlet level access control is not provided. Correct me if I am wrong. If I create a simple user then he doesn't have edit options neither at page level nor at
>    portlet level whereas a user as an admin has all. What if I don't want the user to have edit option for the page but for some of the portlets on the page?
>    How can it be achieved?
- Portlet level access can be controlled by the isUserInRole() JSR-168
API within the portlet itself.
- Portlets visible in the customizer portlet selector are configured via
PortletPermissions.
- Page Fragments visibility can be further constrained using security
constraints on the individual Fragments. Edit permissions for Fragments
are currently inherited by the Page.
So, I do not think what you are asking for is currently supported. There
is an open JIRA issue on the current limitations... feel free to add
your requirements to the comments:

https://issues.apache.org/jira/browse/JS2-354


> 3) How to integrate Spring's ACEGI security access framework with jetspeed2?
Not sure. David Taylor looked into ACEGI some time ago, but I don't
recall what the outcome was. As usual, try searching the lists :-).

> 
> Thanks in advance,
> -Sunil
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
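
The first bullet of the quoted reply (portlet-level control through the JSR-168 isUserInRole() call), sketched as an added example; it is not code from this thread or from Jetspeed. The class name, the markup and the `threshold` parameter are hypothetical, and `manager` is assumed to be a role declared for this portlet with a `<security-role-ref>` in portlet.xml.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;
import javax.portlet.PortletSecurityException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

/** Hypothetical portlet that shows and accepts nothing unless the user holds REQUIRED_ROLE. */
public class RoleGatedPortlet extends GenericPortlet {

    // Assumed role name; "manager" is one of the roles named in the thread.
    private static final String REQUIRED_ROLE = "manager";

    @Override
    protected void doView(RenderRequest request, RenderResponse response)
            throws PortletException, IOException {
        response.setContentType("text/html");
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            // Emit no markup at all: no "Access Forbidden" text, nothing that
            // tells the user a restricted portlet sits in this slot.
            return;
        }
        PrintWriter out = response.getWriter();
        out.println("<p>Content for the manager role only.</p>");
    }

    @Override
    public void processAction(ActionRequest request, ActionResponse response)
            throws PortletException, IOException {
        // The empty view only hides the form. Repeat the role check here so a
        // request sent straight to the action URL is refused as well.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            throw new PortletSecurityException("required role missing: " + REQUIRED_ROLE);
        }
        String threshold = request.getParameter("threshold"); // hypothetical form field
        if (threshold != null) {
            response.setRenderParameter("threshold", threshold);
        }
    }
}
```

An empty render may still leave the portlet's slot in the page layout; that part is what the Fragment security constraints mentioned in the reply address.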



