Posted to jetspeed-dev@portals.apache.org by "Ate Douma (Created) (JIRA)" <je...@portals.apache.org> on 2011/10/04 05:27:33 UTC

[jira] [Created] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only

Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
--------------------------------------------------------------------------------------------------------------------

                 Key: JS2-1263
                 URL: https://issues.apache.org/jira/browse/JS2-1263
             Project: Jetspeed 2
          Issue Type: Improvement
            Reporter: Ate Douma
            Assignee: Ate Douma




--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


[jira] [Reopened] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only

Posted by "Ate Douma (Reopened) (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma reopened JS2-1263:
----------------------------


I added a bit too many redundant psml level constraints on these admin portlets for where their psml folders already enforced this by inheritance.
For the 'classic' (portal) demo pages however, these are needed as that demo configuration allows access to both admin and manager role to the Administration portlets by default (folder level constraint).

Note: these psml constraints are not so much needed to enforce the 'locking down' of these portlets, only to prevent rendering the 'Access Denied' message on their Portlet Window if a user is not allowed to *execute* the portlet. With these psml constraints the portlet window won't be rendered at all.
                
> Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: JS2-1263
>                 URL: https://issues.apache.org/jira/browse/JS2-1263
>             Project: Jetspeed 2
>          Issue Type: Improvement
>          Components: Admin Portlets
>    Affects Versions: 2.2.1
>            Reporter: Ate Douma
>            Assignee: Ate Douma
>             Fix For: 2.2.2
>
>




[jira] [Resolved] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only

Posted by "Ate Douma (Resolved) (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma resolved JS2-1263.
----------------------------

    Resolution: Fixed

Both portlet render time enforcement of admin constraints and related psml level admin constraints (hiding portlets/pages instead of showing 'Access Denied') added.
See also JS2-1262 for more detail concerning individual portlet render time constraints checking configuration.

Portlets/pages 'locked down' this way:
- PAM (Portlet Application Manager)
- RPAD (Remote Portlet Application Deployer)
- Permissions & Constraints management
- PortalDataSerializer (Import/Export)
                


[jira] [Updated] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only

Posted by "Ate Douma (Updated) (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma updated JS2-1263:
---------------------------

          Component/s: Admin Portlets
    Affects Version/s: 2.2.1
        Fix Version/s: 2.2.2
    


[jira] [Resolved] (JS2-1263) Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only

Posted by "Ate Douma (Resolved) (JIRA)" <je...@portals.apache.org>.
     [ https://issues.apache.org/jira/browse/JS2-1263?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma resolved JS2-1263.
----------------------------

    Resolution: Fixed

redundant psml security constraints removed again
                