You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by Jacek Wiślicki <ja...@gmail.com> on 2006/01/13 17:57:40 UTC

jetspeed 2.0 FINAL

Hi,
	when I place in folder.metadata as a part of my declarative menu the 
following element:
   <options depth="-1">/some_folder/</options>
it is listed in my decorator (and its pages are fully accessible) no 
matter what user is logged on (also for 'guest'), although some_folder's 
security constraints are defined as:
   <security-constraints>
     <security-constraints-ref>manager</security-constraints-ref>
     <permissions>view</permissions>
   </security-constraints>
I've tried also further decreasing folder's access rights but it did not 
help.

Should it be like this? Any help and advices appreciated.

-- 
pozdrawiam,
     Jacek Wislicki

jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

Re: jetspeed 2.0 FINAL

Posted by Jacek Wiślicki <ja...@gmail.com>.

Wiadomosc od Randy Watler z 2006-01-13 23:55 brzmiala:

> Sorry, I dont have a better answer at the moment.
Thanks for help :) Maybe you could try with "Administrative" subfolder 
in demo pages. My problem is more less around it.

-- 
pozdrawiam,
     Jacek Wislicki

jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

Re: jetspeed 2.0 FINAL

Posted by Randy Watler <wa...@wispertel.net>.

Jacek,

I am not sure what the problem is. In general, the security stuff has
and does for many. It seems that you are trying the right things.

That said, I assume there must be a bug somewhere. Let me see if I can
recreate the problem here somehow.

Sorry, I dont have a better answer at the moment.

Randy 

On Fri, 2006-01-13 at 23:10 +0100, Jacek Wiślicki wrote:
> Wiadomosc od Randy Watler z 2006-01-13 22:54 brzmiala:
> 
> > Jacek,
> > 
> > That security constraint is malformed.
> > 
> > If you want to restrict view to managers only, please try something like
> > this:
> > 
> >   <security-constraints>
> >     <security-constraint>
> >       <roles>manager</roles>
> >       <permissions>view</permissions>
> >     </security-constraint>
> >   </security-constraints>
> Well, the previous code references the definition in page.security in 
> the root folder (as far as I remember the one included in Jetspeed demo 
> pages). Unfortunately, your code didn't help. Is it a bug or some 
> misconfiguration at my side?
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

Re: jetspeed 2.0 FINAL

Posted by Jacek Wiślicki <ja...@gmail.com>.

Wiadomosc od Randy Watler z 2006-01-13 22:54 brzmiala:

> Jacek,
> 
> That security constraint is malformed.
> 
> If you want to restrict view to managers only, please try something like
> this:
> 
>   <security-constraints>
>     <security-constraint>
>       <roles>manager</roles>
>       <permissions>view</permissions>
>     </security-constraint>
>   </security-constraints>
Well, the previous code references the definition in page.security in 
the root folder (as far as I remember the one included in Jetspeed demo 
pages). Unfortunately, your code didn't help. Is it a bug or some 
misconfiguration at my side?

-- 
pozdrawiam,
     Jacek Wislicki

jacek.wislicki@gmail.com
tel.: +48 502 408 444
gg: 2540358
skype: jacek_wislicki

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

Re: jetspeed 2.0 FINAL

Posted by Randy Watler <wa...@wispertel.net>.

Jacek,

That security constraint is malformed.

If you want to restrict view to managers only, please try something like
this:

  <security-constraints>
    <security-constraint>
      <roles>manager</roles>
      <permissions>view</permissions>
    </security-constraint>
  </security-constraints>

HTH,

Randy

On Fri, 2006-01-13 at 17:57 +0100, Jacek Wiślicki wrote:
> Hi,
> 	when I place in folder.metadata as a part of my declarative menu the 
> following element:
>    <options depth="-1">/some_folder/</options>
> it is listed in my decorator (and its pages are fully accessible) no 
> matter what user is logged on (also for 'guest'), although some_folder's 
> security constraints are defined as:
>    <security-constraints>
>      <security-constraints-ref>manager</security-constraints-ref>
>      <permissions>view</permissions>
>    </security-constraints>
> I've tried also further decreasing folder's access rights but it did not 
> help.
> 
> Should it be like this? Any help and advices appreciated.
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org