You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by Santiago Gala <sg...@hisitech.com> on 2002/06/14 12:48:09 UTC

BaseProfileLocator SecurityServiceRegistered question

I wonder which is the intention of this code:

            if (SecurityServiceRegistered())
                this.setUser( JetspeedSecurity.getAnonymousUser() );
            else
            {
                // warning: this ties us to turbine security
                // we could load class from TRP
                // (services.SecurityService.user.class)
                User user = new BaseJetspeedUser();
                user.setUserName("anon");
                this.setUser(user);
            }

In particular, I imagine two things:

- It could be oriented to prevent errors during initialization
- It could be oriented to run Jetspeed without Turbine Security in place 
(i.e. for an Anonymous unprotected Portal)

Can anybody bring some light here? Google does not find 
"SecurityServiceRegistered". Can I apply for a prize? :-)

Regards,
     Santiago


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: BaseProfileLocator SecurityServiceRegistered question

Posted by Santiago Gala <sg...@hisitech.com>.

David Sean Taylor wrote:

>I think we can safely assume that there will always be a security
>service registered.
>
Thanks. I will modify my code to remove this if, then.

>If there isn't one, Jetspeed throws exceptions during aggregation and
>portlets all produce content with exceptions. I know, I recently tried
>this.
>In the security_14 branch, I just checked in a 'nosecurity'
>implementation of authorization (access controller).
>It always returns true for all permission checks.
>
If the methods of this "no-op" access controller are declared final, the 
VM will inline them, and thus if will be very fast.

>Please give it a try when you get a chance. I hope to finish the
>security branch by this weekend.
>At that point, I would like to merge it to main with everyone's approval
>of course...
>  
>
I'm still finishing the integration of my patches. I will take a look to 
your code, and help merging it to get a good security implementation,

>Anyway, IMO, I don't really see the need for the code below
>(SecurityServiceRegistered)
>  
>
I'll kill it. :-)



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: BaseProfileLocator SecurityServiceRegistered question

Posted by David Sean Taylor <da...@bluesunrise.com>.

I think we can safely assume that there will always be a security
service registered.
If there isn't one, Jetspeed throws exceptions during aggregation and
portlets all produce content with exceptions. I know, I recently tried
this.
In the security_14 branch, I just checked in a 'nosecurity'
implementation of authorization (access controller).
It always returns true for all permission checks.
Please give it a try when you get a chance. I hope to finish the
security branch by this weekend.
At that point, I would like to merge it to main with everyone's approval
of course...

Anyway, IMO, I don't really see the need for the code below
(SecurityServiceRegistered)

> -----Original Message-----
> From: Santiago Gala [mailto:sgala@hisitech.com] 
> Sent: Friday, June 14, 2002 3:48 AM
> To: Jetspeed Developers List
> Subject: BaseProfileLocator SecurityServiceRegistered question
> 
> 
> I wonder which is the intention of this code:
> 
>             if (SecurityServiceRegistered())
>                 this.setUser( JetspeedSecurity.getAnonymousUser() );
>             else
>             {
>                 // warning: this ties us to turbine security
>                 // we could load class from TRP
>                 // (services.SecurityService.user.class)
>                 User user = new BaseJetspeedUser();
>                 user.setUserName("anon");
>                 this.setUser(user);
>             }
> 
> In particular, I imagine two things:
> 
> - It could be oriented to prevent errors during initialization
> - It could be oriented to run Jetspeed without Turbine 
> Security in place 
> (i.e. for an Anonymous unprotected Portal)
> 
> Can anybody bring some light here? Google does not find 
> "SecurityServiceRegistered". Can I apply for a prize? :-)
> 
> Regards,
>      Santiago
> 
> 
> --
> To unsubscribe, e-mail:   
> <mailto:jetspeed-dev-> unsubscribe@jakarta.apache.org>
> For 
> additional commands, 
> e-mail: <ma...@jakarta.apache.org>
> 
> 



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>