Security on the Fly

["Sturtz, Andrew" <An...@cbetech.com>]

Hi all,
The problem that I am having is I am only able to add security
constraints to portlets by restarting Tomcat after implementing the
security that I need.  We are using Jetspeed 1.4 for our portal and we
have some portlets that some users can access and others that only
another group can access, and then some portlets that all users can
access.  I have assigned roles to the users, and have configured
security profiles based on those roles ie. user-view_admin-all, etc.  If
I try to apply one of my security profiles to a portlet through the
admin account and then log back in as a user I get an error, "Error
retreiving portal page: null"  but if I restart Tomcat I don't see the
error anymore.  On the other hand, if I apply the security profiles
through the xreg files before starting Tomcat the portal behavior is
normal.  We need to be able to do this on the fly throught the admin
account without having to restart Tomcat.  I tried to switch
"services.JetspeedSecurity.caching.enable=false" in the
JetspeedSecurity.properties file with no luck.  Is this a feature that
is available in Jetspeed 1.5 or 2?  Is there a way to accomplish our
goal in 1.4?  Please help. 
Thanks,
-Andrew

RE: Security on the Fly

[Jeremy Ford <ca...@hotmail.com>]

The was a caching issue in the security registry implementation.  This might
resolve your issue.

The bug is here:

http://nagoya.apache.org/jira/browse/JS1-466

You could possibly place a 1.6-dev BaseSecurityEntry.class file into your
webapps WEB-INF classes directory to see if this resolves your issue.

Jeremy Ford
jford@apache.org


-----Original Message-----
From: Sturtz, Andrew [mailto:Andrew.Sturtz@cbetech.com] 
Sent: Wednesday, July 07, 2004 4:20 PM
To: jetspeed-user@jakarta.apache.org
Subject: Security on the Fly

Hi all,
The problem that I am having is I am only able to add security
constraints to portlets by restarting Tomcat after implementing the
security that I need.  We are using Jetspeed 1.4 for our portal and we
have some portlets that some users can access and others that only
another group can access, and then some portlets that all users can
access.  I have assigned roles to the users, and have configured
security profiles based on those roles ie. user-view_admin-all, etc.  If
I try to apply one of my security profiles to a portlet through the
admin account and then log back in as a user I get an error, "Error
retreiving portal page: null"  but if I restart Tomcat I don't see the
error anymore.  On the other hand, if I apply the security profiles
through the xreg files before starting Tomcat the portal behavior is
normal.  We need to be able to do this on the fly throught the admin
account without having to restart Tomcat.  I tried to switch
"services.JetspeedSecurity.caching.enable=false" in the
JetspeedSecurity.properties file with no luck.  Is this a feature that
is available in Jetspeed 1.5 or 2?  Is there a way to accomplish our
goal in 1.4?  Please help. 
Thanks,
-Andrew

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org