You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by "Ate Douma (Reopened) (JIRA)" <je...@portals.apache.org> on 2011/10/04 13:55:34 UTC
[jira] [Reopened] (JS2-1263) Hardening j2-admin security by
restricting access to hot deployment and portlet metadata features to admin
role only
[ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ate Douma reopened JS2-1263:
----------------------------
I added a bit too much redundant psml level constraints on these admin portlets for where their psml folders already enforced this by inheritance.
For the 'classic' (portal) demo pages however, these are needed as that demo configuration allows access to both admin and manager role to the Administration portlets by default (folder level constraint).
Note: these psml constraints are not so much needed to enforce the 'locking down' of these portlets, only to prevent rendering the 'Access Denied' message on their Portlet Window if a user is not allowed to *execute* the portlet. With these psml constraints the portlet window won't be rendered at all.
> Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
> --------------------------------------------------------------------------------------------------------------------
>
> Key: JS2-1263
> URL: https://issues.apache.org/jira/browse/JS2-1263
> Project: Jetspeed 2
> Issue Type: Improvement
> Components: Admin Portlets
> Affects Versions: 2.2.1
> Reporter: Ate Douma
> Assignee: Ate Douma
> Fix For: 2.2.2
>
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org