You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Nikko Gaerlan <ni...@gmail.com> on 2006/12/27 04:59:09 UTC

secutiry constraints - deny access

hi list

DENIES
A deny security constraint is declared with one or more security principals;
with no associated permissions. Deny constraints prohibit access to the page
or folder for the given list of principals. Note that deny constraints must
be listed before grant constraints.

it is written in
http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html

but how?

i would like to have a page that only guests or anonymous users are able to
see..

thanks..

Re: secutiry constraints - deny access

Posted by Enrique Perez <pe...@dit.upm.es>.

Hi,

As far as I know, you'd better give permission to see the page just to 
"guest" user (so anyone who is not identified as "guest" is banned to 
see the page).
Try to add this code at the end of your "psml" page:

    <!-- security constraints -->
        <security-constraints>
            <security-constraint>
                <users>guest</users>
                <permissions>view</permissions>
            </security-constraint>
        </security-constraints>

Don't inherit any constraint from "page.security"...

Anyway, if you want to deny access to a specific user (if I'm not wrong 
:S ), you only have to add a security constraint without permissions at 
the very beginning of security constraints list... just like this:

    <security-constraint>
                <users>username1</users>
    </security-constraint>
    <security-constraint>
                <roles>manager</roles>
                <permissions>view, edit</permissions>
    </security-constraint>

(You can apply these security constraints to roles as well.)
That way, user identified as "username1" has access denied, even though 
he has role "manager".

Hope that helps.
Regards,
Enrique



Nikko Gaerlan escribió:
> hi list
>
> DENIES
> A deny security constraint is declared with one or more security 
> principals;
> with no associated permissions. Deny constraints prohibit access to 
> the page
> or folder for the given list of principals. Note that deny constraints 
> must
> be listed before grant constraints.
>
> it is written in
> http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html 
>
>
> but how?
>
> i would like to have a page that only guests or anonymous users are 
> able to
> see..
>
> thanks..
>



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org