How to secure the http://host:8080/jetspeed/portal/user/toto

[Xavier Michel <xm...@cstahiti.com>]

Hi,

When the user "toto" logs in, Jetspeed will dynamically check the psml file
user/toto/default.psml.

I try to protect the explicitly invoke
http://host:8080/jetspeed/portal/user/toto

Same thing for http://host:8080/jetspeed/portal/group/apache and
http://host:8080/jetspeed/portal/permission/foo

Something is parametrable in the conf. ?


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: How to secure the http://host:8080/jetspeed/portal/user/toto

[Santiago Gala <sg...@hisitech.com>]

Xavier Michel wrote:

>Hi,
>
>When the user "toto" logs in, Jetspeed will dynamically check the psml file
>user/toto/default.psml.
>
>I try to protect the explicitly invoke
>http://host:8080/jetspeed/portal/user/toto
>
>Same thing for http://host:8080/jetspeed/portal/group/apache and
>http://host:8080/jetspeed/portal/permission/foo
>
>Something is parametrable in the conf. ?
>
This depends on the version you are running. There are partial 
implementations of security, although I think nothing regarding PSML.

I'm currently working in securing psml in cvs. I will commit shortly the 
security for portletsets, which include the psml access.

I will post first a proposal in jetspeed-dev, since the changes involved 
some changes in the way PSML is looked for in jetspeed.

Expect this feature to be out and tested by Jetspeed 1.3

By the way, when the proposal is out and implemented, I will require you 
people to try to break it in all imaginable ways, to make sure we have 
not oversight anything.

>
>
>--
>To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>