You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by Jacek Wiślicki <ja...@gmail.com> on 2006/01/13 17:57:40 UTC
jetspeed 2.0 FINAL
Hi,
when I place in folder.metadata as a part of my declarative menu the
following element:
<options depth="-1">/some_folder/</options>
it is listed in my decorator (and its pages are fully accessible) no
matter what user is logged on (also for 'guest'), although some_folder's
security constraints are defined as:
<security-constraints>
<security-constraints-ref>manager</security-constraints-ref>
<permissions>view</permissions>
</security-constraints>
I've tried also further decreasing folder's access rights but it did not
help.
Should it be like this? Any help and advices appreciated.
--
pozdrawiam,
Jacek Wislicki
jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: jetspeed 2.0 FINAL
Posted by Jacek Wiślicki <ja...@gmail.com>.
Wiadomosc od Randy Watler z 2006-01-13 23:55 brzmiala:
> Sorry, I dont have a better answer at the moment.
Thanks for help :) Maybe you could try with "Administrative" subfolder
in demo pages. My problem is more less around it.
--
pozdrawiam,
Jacek Wislicki
jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: jetspeed 2.0 FINAL
Posted by Randy Watler <wa...@wispertel.net>.
Jacek,
I am not sure what the problem is. In general, the security stuff has
and does for many. It seems that you are trying the right things.
That said, I assume there must be a bug somewhere. Let me see if I can
recreate the problem here somehow.
Sorry, I dont have a better answer at the moment.
Randy
On Fri, 2006-01-13 at 23:10 +0100, Jacek Wiślicki wrote:
> Wiadomosc od Randy Watler z 2006-01-13 22:54 brzmiala:
>
> > Jacek,
> >
> > That security constraint is malformed.
> >
> > If you want to restrict view to managers only, please try something like
> > this:
> >
> > <security-constraints>
> > <security-constraint>
> > <roles>manager</roles>
> > <permissions>view</permissions>
> > </security-constraint>
> > </security-constraints>
> Well, the previous code references the definition in page.security in
> the root folder (as far as I remember the one included in Jetspeed demo
> pages). Unfortunately, your code didn't help. Is it a bug or some
> misconfiguration at my side?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: jetspeed 2.0 FINAL
Posted by Jacek Wiślicki <ja...@gmail.com>.
Wiadomosc od Randy Watler z 2006-01-13 22:54 brzmiala:
> Jacek,
>
> That security constraint is malformed.
>
> If you want to restrict view to managers only, please try something like
> this:
>
> <security-constraints>
> <security-constraint>
> <roles>manager</roles>
> <permissions>view</permissions>
> </security-constraint>
> </security-constraints>
Well, the previous code references the definition in page.security in
the root folder (as far as I remember the one included in Jetspeed demo
pages). Unfortunately, your code didn't help. Is it a bug or some
misconfiguration at my side?
--
pozdrawiam,
Jacek Wislicki
jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: jetspeed 2.0 FINAL
Posted by Randy Watler <wa...@wispertel.net>.
Jacek,
That security constraint is malformed.
If you want to restrict view to managers only, please try something like
this:
<security-constraints>
<security-constraint>
<roles>manager</roles>
<permissions>view</permissions>
</security-constraint>
</security-constraints>
HTH,
Randy
On Fri, 2006-01-13 at 17:57 +0100, Jacek Wiślicki wrote:
> Hi,
> when I place in folder.metadata as a part of my declarative menu the
> following element:
> <options depth="-1">/some_folder/</options>
> it is listed in my decorator (and its pages are fully accessible) no
> matter what user is logged on (also for 'guest'), although some_folder's
> security constraints are defined as:
> <security-constraints>
> <security-constraints-ref>manager</security-constraints-ref>
> <permissions>view</permissions>
> </security-constraints>
> I've tried also further decreasing folder's access rights but it did not
> help.
>
> Should it be like this? Any help and advices appreciated.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org