You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Santiago Gala <sg...@hisitech.com> on 2002/06/14 12:48:09 UTC
BaseProfileLocator SecurityServiceRegistered question
I wonder which is the intention of this code:
if (SecurityServiceRegistered())
this.setUser( JetspeedSecurity.getAnonymousUser() );
else
{
// warning: this ties us to turbine security
// we could load class from TRP
// (services.SecurityService.user.class)
User user = new BaseJetspeedUser();
user.setUserName("anon");
this.setUser(user);
}
In particular, I imagine two things:
- It could be oriented to prevent errors during initialization
- It could be oriented to run Jetspeed without Turbine Security in place
(i.e. for an Anonymous unprotected Portal)
Can anybody bring some light here? Google does not find
"SecurityServiceRegistered". Can I apply for a prize? :-)
Regards,
Santiago
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: BaseProfileLocator SecurityServiceRegistered question
Posted by Santiago Gala <sg...@hisitech.com>.
David Sean Taylor wrote:
>I think we can safely assume that there will always be a security
>service registered.
>
Thanks. I will modify my code to remove this if, then.
>If there isn't one, Jetspeed throws exceptions during aggregation and
>portlets all produce content with exceptions. I know, I recently tried
>this.
>In the security_14 branch, I just checked in a 'nosecurity'
>implementation of authorization (access controller).
>It always returns true for all permission checks.
>
If the methods of this "no-op" access controller are declared final, the
VM will inline them, and thus if will be very fast.
>Please give it a try when you get a chance. I hope to finish the
>security branch by this weekend.
>At that point, I would like to merge it to main with everyone's approval
>of course...
>
>
I'm still finishing the integration of my patches. I will take a look to
your code, and help merging it to get a good security implementation,
>Anyway, IMO, I don't really see the need for the code below
>(SecurityServiceRegistered)
>
>
I'll kill it. :-)
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: BaseProfileLocator SecurityServiceRegistered question
Posted by David Sean Taylor <da...@bluesunrise.com>.
I think we can safely assume that there will always be a security
service registered.
If there isn't one, Jetspeed throws exceptions during aggregation and
portlets all produce content with exceptions. I know, I recently tried
this.
In the security_14 branch, I just checked in a 'nosecurity'
implementation of authorization (access controller).
It always returns true for all permission checks.
Please give it a try when you get a chance. I hope to finish the
security branch by this weekend.
At that point, I would like to merge it to main with everyone's approval
of course...
Anyway, IMO, I don't really see the need for the code below
(SecurityServiceRegistered)
> -----Original Message-----
> From: Santiago Gala [mailto:sgala@hisitech.com]
> Sent: Friday, June 14, 2002 3:48 AM
> To: Jetspeed Developers List
> Subject: BaseProfileLocator SecurityServiceRegistered question
>
>
> I wonder which is the intention of this code:
>
> if (SecurityServiceRegistered())
> this.setUser( JetspeedSecurity.getAnonymousUser() );
> else
> {
> // warning: this ties us to turbine security
> // we could load class from TRP
> // (services.SecurityService.user.class)
> User user = new BaseJetspeedUser();
> user.setUserName("anon");
> this.setUser(user);
> }
>
> In particular, I imagine two things:
>
> - It could be oriented to prevent errors during initialization
> - It could be oriented to run Jetspeed without Turbine
> Security in place
> (i.e. for an Anonymous unprotected Portal)
>
> Can anybody bring some light here? Google does not find
> "SecurityServiceRegistered". Can I apply for a prize? :-)
>
> Regards,
> Santiago
>
>
> --
> To unsubscribe, e-mail:
> <mailto:jetspeed-dev-> unsubscribe@jakarta.apache.org>
> For
> additional commands,
> e-mail: <ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>