You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by webguy <we...@online.ie> on 2003/02/28 13:24:03 UTC

Hierarchical Jetspeed Security 

Hi,  I'm new to Jetspeed so be gentle :-) I have a security question.

I'm looking to create a site that has sub-sites

eg : 	site 				<---	[a] 	all users are members of this site
	\------- sub site 	<---	[b] 	A subset of all users are members of one or
more sub-sites
		\------portlet	<---	[c] 	A subset of [b] have permissions
							for different portlets within a subsite.


Permissions for portlets in [b] are to be managed by a sub-site editor..

A user can have individual permissions for portlets in a subsite
A user can have one or many roles in a given subsite


Can the jetspeed security system handle this or would I have to role my own?

Thanks WG


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

Re: Hierarchical Jetspeed Security

Posted by Santiago Gala <sg...@hisitech.com>.
webguy wrote:
> Hi,  I'm new to Jetspeed so be gentle :-) I have a security question.
> 
> I'm looking to create a site that has sub-sites
> 
> eg : 	site 				<---	[a] 	all users are members of this site
> 	\------- sub site 	<---	[b] 	A subset of all users are members of one or
> more sub-sites
> 		\------portlet	<---	[c] 	A subset of [b] have permissions
> 							for different portlets within a subsite.
> 

Subsites would go into different Turbine "group" (which is really some 
thing more alike realm, i.e. group *of resources*). A PSML resource 
provides a group for security checks, a request provides a user. This 
extends the security model.

> 
> Permissions for portlets in [b] are to be managed by a sub-site editor..
> 

This would depend on having different persons with the *admin* role in 
different groups.

> A user can have individual permissions for portlets in a subsite
> A user can have one or many roles in a given subsite
> 
> 
> Can the jetspeed security system handle this or would I have to role my own?
> 

The group based security I was working on is about exactly this. These 
where the user requirements that I coped with.

The problem is that I could not, at the same time, develop it, *and* 
have a stable code base for our project, *and* track the heavy code 
changes in jetspeed around mid-2002, so I have these changes sitting in 
my disk.

It works for Jetspeed 1.3b3, something roughly equivalent to jetspeed 
HEAD around June 2002.

I offered recently to start committing those changes in the 1.3b3 
branch, to have them merged later in to HEAD.

I think jetspeed desperately needs som API clean up. A big part of the 
problems I have found are due to redundant/incompatible public methods, 
or people relying in AbstractPortlet methods not in Portlet 
CacheablePortlet or PortletState.

I think that, while waiting for the standard proposal (JSR168) to come 
out, we could:
* release a beta or even a 1.4 release
* clean APIs, and prepare the code base to take on the new developments 
having a good understanding of the interfaces and dependencies between 
modules.

Regards,
      Santiago

> Thanks WG
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org