You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Masahi Nakane <na...@ebpass.com> on 2005/12/24 18:08:09 UTC
Groups and Roles,users and Hierarchy
Hello guys,
I read around
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/index.ht
ml
But ,difficult for me. Is there any simple code and easy way to understand
about Hierarchy
Management?
I have jetspeed2 demo site and sources with tomcat 5.0.
And I have 2 users bob and john.
Bob is boss of john's
Each user can insert a data into customer list table( my original table)
and the customer data is assigned to the user who inserted.
Say, John and Bob can insert customer data but
Bob can see both of data(John's and Bob's ) but John can see his own only
because of the Hierarchy. Boss can see the staff's data, not vice versa.
Now , I want to know exactly how to make Hierarchy and make it related to
user
with Jetspeed2 or Jetspeed2 demo.
And I need to get the role infomation by some method of some object when
each user log in
and see the customer list which page is visible for loggedin users.
I think this is not about profiler because the page of customer list is
visible to both users.
This is about just hierachy. I need method something like this
public boolean isThisDataAvailableForThisUser( User dataowner ,User
loginuser )
And What is the difference between groups and roles?
Both can be related to users and can have hierachy right?
Thanks in Advance.
Masashi
****************************************
Masashi Nakane
Chief Application Engineer
EBPass, Inc.
55 Broad St., 11th Floor, New York, NY 10004, USA
(Office) 212-487-9070
(Fax) 212-202-5067
nakane@ebpass.com
www.ebpass.com
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
RE: Groups and Roles,users and Hierarchy
Posted by "Masashi Nakane@EBPass" <na...@ebpass.com>.
Thanks for replying very much ,Randy
>1. Roles and groups are not hierarchical.
Oh, really?
I thought the below url page said
that the j2 default authorization implemented Hierarchy roles or groups.
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/hierarch
y.html
And If I register some hierarchical roles or groups with Preference api or
something ,
then I can get answer about authorization api . No?
Or Do you mean j2-admin demo doesn't implement it by that.
If so , I can create my admin portlets . Otherwise , I got to go to JIRA.
>As it is now, the permissions"hierarchy" must be managed explicitly
> in the security constraints.
Yeah , security constraints with directory structure , I understand.
>2. Roles and Groups are parallel symmetric implementations.
OK, that is what i thinnk of as well.
>3. For data accessibility within the portlet, I'd suggest looking at the
>isUserInRole() API that is part of the JSR-168 specification.
>In the end, you may have to come up with your own custom strategy.
>Please search the user list archives... user/role/group
>authorization/authentication is a common and multi-faceted topic!
Thanks, I will try and post if I got any update.
Masashi
-----Original Message-----
From: Randy Watler [mailto:watler@wispertel.net]
Sent: Saturday, December 24, 2005 12:42 PM
To: Jetspeed Users List
Subject: Re: Groups and Roles,users and Hierarchy
Masashi:
I can answer a few of your questions:
1. Roles and groups are not hierarchical. It is an interesting design
though, so you might want to enter a JIRA enhancement request for
hierarchically arranged roles and groups. As it is now, the permissions
"hierarchy" must be managed explicitly in the security constraints.
2. Roles and Groups are parallel symmetric implementations. The general
approach is that one is used by the profiler as the primary page
selection criteria and the other is uses to fine tune the end result
using security. Well, that is how I think of it anyway... :-).
3. For data accessibility within the portlet, I'd suggest looking at the
isUserInRole() API that is part of the JSR-168 specification. It works
with the J2 roles assigned to users.
In the end, you may have to come up with your own custom strategy.
Please search the user list archives... user/role/group
authorization/authentication is a common and multi-faceted topic!
HTH,
Randy
On Sat, 2005-12-24 at 12:08 -0500, Masahi Nakane wrote:
> Hello guys,
>
> I read around
>
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/index.ht
> ml
>
> But ,difficult for me. Is there any simple code and easy way to
understand
> about Hierarchy
> Management?
>
> I have jetspeed2 demo site and sources with tomcat 5.0.
>
> And I have 2 users bob and john.
> Bob is boss of john's
>
> Each user can insert a data into customer list table( my original
table)
> and the customer data is assigned to the user who inserted.
> Say, John and Bob can insert customer data but
> Bob can see both of data(John's and Bob's ) but John can see his own
only
> because of the Hierarchy. Boss can see the staff's data, not vice versa.
>
> Now , I want to know exactly how to make Hierarchy and make it related
to
> user
> with Jetspeed2 or Jetspeed2 demo.
> And I need to get the role infomation by some method of some object when
> each user log in
> and see the customer list which page is visible for loggedin users.
> I think this is not about profiler because the page of customer list is
> visible to both users.
> This is about just hierachy. I need method something like this
>
> public boolean isThisDataAvailableForThisUser( User dataowner ,User
> loginuser )
>
> And What is the difference between groups and roles?
> Both can be related to users and can have hierachy right?
>
> Thanks in Advance.
>
> Masashi
>
> ****************************************
> Masashi Nakane
> Chief Application Engineer
> EBPass, Inc.
> 55 Broad St., 11th Floor, New York, NY 10004, USA
> (Office) 212-487-9070
> (Fax) 212-202-5067
>
> nakane@ebpass.com
> www.ebpass.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Groups and Roles,users and Hierarchy
Posted by Randy Watler <wa...@wispertel.net>.
Masashi:
I can answer a few of your questions:
1. Roles and groups are not hierarchical. It is an interesting design
though, so you might want to enter a JIRA enhancement request for
hierarchically arranged roles and groups. As it is now, the permissions
"hierarchy" must be managed explicitly in the security constraints.
2. Roles and Groups are parallel symmetric implementations. The general
approach is that one is used by the profiler as the primary page
selection criteria and the other is uses to fine tune the end result
using security. Well, that is how I think of it anyway... :-).
3. For data accessibility within the portlet, I'd suggest looking at the
isUserInRole() API that is part of the JSR-168 specification. It works
with the J2 roles assigned to users.
In the end, you may have to come up with your own custom strategy.
Please search the user list archives... user/role/group
authorization/authentication is a common and multi-faceted topic!
HTH,
Randy
On Sat, 2005-12-24 at 12:08 -0500, Masahi Nakane wrote:
> Hello guys,
>
> I read around
> http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/index.ht
> ml
>
> But ,difficult for me. Is there any simple code and easy way to understand
> about Hierarchy
> Management?
>
> I have jetspeed2 demo site and sources with tomcat 5.0.
>
> And I have 2 users bob and john.
> Bob is boss of john's
>
> Each user can insert a data into customer list table( my original table)
> and the customer data is assigned to the user who inserted.
> Say, John and Bob can insert customer data but
> Bob can see both of data(John's and Bob's ) but John can see his own only
> because of the Hierarchy. Boss can see the staff's data, not vice versa.
>
> Now , I want to know exactly how to make Hierarchy and make it related to
> user
> with Jetspeed2 or Jetspeed2 demo.
> And I need to get the role infomation by some method of some object when
> each user log in
> and see the customer list which page is visible for loggedin users.
> I think this is not about profiler because the page of customer list is
> visible to both users.
> This is about just hierachy. I need method something like this
>
> public boolean isThisDataAvailableForThisUser( User dataowner ,User
> loginuser )
>
> And What is the difference between groups and roles?
> Both can be related to users and can have hierachy right?
>
> Thanks in Advance.
>
> Masashi
>
> ****************************************
> Masashi Nakane
> Chief Application Engineer
> EBPass, Inc.
> 55 Broad St., 11th Floor, New York, NY 10004, USA
> (Office) 212-487-9070
> (Fax) 212-202-5067
>
> nakane@ebpass.com
> www.ebpass.com
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org