portals-jetspeed-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yao cuihong <yaocuih...@gmail.com>
Subject Re: Login page
Date Wed, 11 Jan 2006 01:23:07 GMT
Randy,
Thanks

I read the documention in
http://portals.apache.org/jetspeed-2/guides/guide-profiler.html and
http://portals.apache.org/jetspeed-2/guides/guide-security.html. I have the
following questions:

1. Jetspeed 2 provides a custom policy implemention that allow the portal to
secure resources as  follow:
grant principal o.a.j.security.UserPrincipal "theUserPrincipal" {
  permission o.a.j.security.PagePermission "mypage", "view";
  permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
  permission o.a.j.security.TabPermission "mytab", "view";
};

grant principal o.a.j.security.RolePrincipal "theRolePrincipal" {
  permission o.a.j.security.PagePermission "mypage", "view";
  permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
  permission o.a.j.security.TabPermission "mytab", "view";
};

grant principal o.a.j.security.GroupPrincipal "theGroupPrincipal" {
  permission o.a.j.security.PagePermission "mypage", "view";
  permission o.a.j.security.PortletPermission "myportlet",
"view,edit,minimize,maximize";
  permission o.a.j.security.TabPermission "mytab", "view";
};

Where does the policy file locate?
What is "theUserPrincipal", "mypage", and "mytab"? What do they represent?
Are they constant?

2. Jetspeed 2 security services rely entirely on JAAS
    Does the LoginPortlet in j2-admin portlet application use JAAS?
    What is the mechanism of LoginPortlet? I read the source of
LoginPortlet, but don't understand.
    How does the LoginPortlet authenticate the user?

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message