You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-user@portals.apache.org by Werner Punz <we...@gmx.at> on 2002/09/16 15:06:33 UTC

Security problem

Hi

I have a Jetspeed Security related problem. I try to deploy a portlet 
which is only accessible by certain users. I therefore added a role 
"test" to a testuser which should show the portlet in his page. I also 
added following entries to my portlet xreg entry:

  <security role="test"/>
         <security-ref parent="test-only"/>


With following additional entry in security.xreg:

  <security-entry name="test-only">
         <meta-info>
             <title>Test-only</title>
             <description>Full access to users with the test 
role.</description>
         </meta-info>
         <access action="*">
             <allow-if role="test"/>
         </access>
     </security-entry>


The problem is that the role and its permissions don´t seem to be 
recognized. I don´t get the proper permissions in my testuser with the 
"test" role. Am I missing something?


Kind regards

Werner



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Security problem

Posted by Bui Quoc Thai <st...@ait.ac.th>.

Hi Werner,

 Try to use "user" attribute in <allow-if> element in security.xreg, like this:
      .....
        <access action="*">
          <allow-if role="test" user="testuser"/>
        </access>
      .....


Thai
 

Quoting Werner Punz <we...@gmx.at>:

> Hi
> 
> I have a Jetspeed Security related problem. I try to deploy a portlet 
> which is only accessible by certain users. I therefore added a role 
> "test" to a testuser which should show the portlet in his page. I also 
> added following entries to my portlet xreg entry:
> 
>   <security role="test"/>
>          <security-ref parent="test-only"/>
> 
> 
> With following additional entry in security.xreg:
> 
>   <security-entry name="test-only">
>          <meta-info>
>              <title>Test-only</title>
>              <description>Full access to users with the test 
> role.</description>
>          </meta-info>
>          <access action="*">
>              <allow-if role="test"/>
>          </access>
>      </security-entry>
> 
> 
> The problem is that the role and its permissions don´t seem to be 
> recognized. I don´t get the proper permissions in my testuser with the 
> "test" role. Am I missing something?
> 
> 
> Kind regards
> 
> Werner
> 
> 
> 
> --
> To unsubscribe, e-mail:  
> <ma...@jakarta.apache.org>
> For additional commands, e-mail:
> <ma...@jakarta.apache.org>
> 


--------------------------
Email: st027235@ait.ac.th
       bqthai@ctu.edu.vn
Room: C34
Tel: 524-7099

----------------------------------------------------------
This mail sent through AIT WebMail : http://www.ait.ac.th/

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>