You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by shikari shambu <sh...@hotmail.com> on 2009/12/08 16:31:04 UTC

Leveraging Jetspeed security tables to secure access to external resources

Hi,

 I have a solution that uses Jetspeed with Alfresco ECM. Rather than create users and access permissions in both places I plan to access Alfresco content from Jetspeed through a service account and implement the authorization checks on the front end - in Jetspeed portal. I would like to see if there is a way to leverage the Jetspeed security tables to achieve this.

 

Essentially, I have document types and sub types. Specific roles have specific permissions on document type (in which case they have the same permission on all sub types) or they have defined permissions on the sub type. All documents related to a document type are stored in a folder/ space in Alfresco.

 

I am toying with the idea of using the security_permission table and create document management specific entries

 

PERMISSION_ID     PERMISSION_TYPE     NAME                              ACTIONS

XXX                     document                 /doctype                         view, edit

YYY                     document                 /doctype/subtype             view, edit

 

Is this a valid/ good approach? Or, is there a better way to extend jetspeed security to support access to external resources?

 

TIA
 		 	   		  
_________________________________________________________________
Windows Live Hotmail gives you a free,exclusive  gift.
http://www.microsoft.com/windows/windowslive/hotmail_bl1/hotmail_bl1.aspx?ocid=PID23879::T:WLMTAGL:ON:WL:en-ww:WM_IMHM_7:092009