You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rave.apache.org by "Carlucci, Tony" <ac...@mitre.org> on 2011/10/26 19:57:14 UTC
New User Behavior Question
It appears that right now when a new user registers in Rave, they do not get any granted authority roles (including the all-important ROLE_USER). So a new user creates their account, then tries to login, and gets a 403 forbidden. Is this the behavior we want, where all new users must have the ROLE_USER applied manually by an admin, or do we want to automatically give ROLE_USER to new user accounts so they can login?
My vote would be for #2 (give them ROLE_USER automatically) but what do others think?
Thanks, Tony
---
Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & Maint
e: acarlucci@mitre.org<ma...@mitre.org> | v: 781.271.2432 | f: 781.271.3299
The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420
Re: New User Behavior Question
Posted by Jasha Joachimsthal <j....@onehippo.com>.
For the demo portal giving new users the ROLE_USER automatically is okay. I
agree with Raminder that it should be configurable. Managing this setting
should be done through the admin interface (
http://incubator.apache.org/rave/documentation/admin-interface.html) so it
can be changed at runtime.
On 26 October 2011 20:05, Raminderjeet Singh <ra...@gmail.com>wrote:
> Portals may need both. We should make this configurable based on a property
> and when admin is setting up the portal can select the property. In case
> admin authorization is required we can add a page to display that user
> account is not active.
>
> Thanks
> Raminder
>
>
> On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote:
>
> > It appears that right now when a new user registers in Rave, they do not
> get any granted authority roles (including the all-important ROLE_USER). So
> a new user creates their account, then tries to login, and gets a 403
> forbidden. Is this the behavior we want, where all new users must have the
> ROLE_USER applied manually by an admin, or do we want to automatically give
> ROLE_USER to new user accounts so they can login?
> >
> > My vote would be for #2 (give them ROLE_USER automatically) but what do
> others think?
> >
> > Thanks, Tony
> >
> > ---
> > Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development &
> Maint
> > e: acarlucci@mitre.org<ma...@mitre.org> | v: 781.271.2432 |
> f: 781.271.3299
> > The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420
> >
>
>
Re: New User Behavior Question
Posted by Marlon Pierce <mp...@cs.indiana.edu>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Some of these may already be in Jira, hanging from RAVE-135.
Marlon
On 10/26/11 6:21 PM, Franklin, Matthew B. wrote:
>
>> ________________________________________ From: Scott Wilson
>> [scott.bradley.wilson@gmail.com] Sent: Wednesday, October 26,
>> 2011 3:12 PM To: rave-dev@incubator.apache.org Subject: Re: New
>> User Behavior Question
>>
>> On 26 Oct 2011, at 19:05, Raminderjeet Singh wrote:
>>
>>> Portals may need both. We should make this configurable based
>>> on a property and when admin is setting up the portal can
>>> select the property. In case admin authorization is required we
>>> can add a page to display that user account is not active.
>>
>> Wouldn't it be more useful to disable registration in that case
>> rather than enable registration, but have it not work?
>>
>> I think self-registration is something that should be
>> configurable (with the default as enabled). However once a user
>> has successfully registered (having gone through the usual
>> bot-detection process), I don't see a problem with immediately
>> granting a basic access role.
>>
>> So I'm +1 on option #2.
>
> +1 for option #2; though, I think we should open a new ticket for a
> future release that makes it a configuration option. I could see a
> case where a portal administrator would want to enable self-service
> sign ups but would require administrator action before it is
> enabled.
>
>>>
>>> Thanks Raminder
>>>
>>>
>>> On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote:
>>>
>>>> It appears that right now when a new user registers in Rave,
>>>> they do not get any granted authority roles (including the
>>>> all-important ROLE_USER). So a new user creates their
>>>> account, then tries to login, and gets a 403 forbidden. Is
>>>> this the behavior we want, where all new users must have the
>>>> ROLE_USER applied manually by an admin, or do we want to
>>>> automatically give ROLE_USER to new user accounts so they can
>>>> login?
>>>>
>>>> My vote would be for #2 (give them ROLE_USER automatically)
>>>> but what do others think?
>>>
>>>> Thanks, Tony
>>>>
>>>> --- Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App
>>>> Development & Maint e:
>>>> acarlucci@mitre.org<ma...@mitre.org> | v:
>>>> 781.271.2432 | f: 781.271.3299 The MITRE Corporation | 202
>>>> Burlington Rd | Bedford, MA 01730-1420
>>>>
>>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOqIorAAoJEOEgD2XReDo5cewH/3J8VVvxfkwUcju0aQMEGGKp
xoWS2CXoVYZxasTgEcfPAFtc95/5Z7orSekIZ05kQjRawxbaEdZORoVP0f7X3oAi
04SSwhid21dFLVwp7zhcvcJrVsGe7Id8T8AB69HZq2a0wgrl4uTUaB/Wq0fm+uKa
vhh+gXkDA1DIG3P7fK79ZBYQn+vCSbWacg+mxubPQRn6925hTJGWIolNeDQQXkE6
eUcqd6kCvRO4+e/zFA+ZdhAAHHooL3EjiBp3xmOxVAq8nHMpUMEiS9h2l6gSXzC5
qGHMNU3NDDx5p9DxqG1470qUUSNW7UKrNcNuMJ6A678AFFx4AiupFCCDQstuMpk=
=m7X5
-----END PGP SIGNATURE-----
RE: New User Behavior Question
Posted by "Franklin, Matthew B." <mf...@mitre.org>.
>________________________________________
>From: Scott Wilson [scott.bradley.wilson@gmail.com]
>Sent: Wednesday, October 26, 2011 3:12 PM
>To: rave-dev@incubator.apache.org
>Subject: Re: New User Behavior Question
>
>On 26 Oct 2011, at 19:05, Raminderjeet Singh wrote:
>
>> Portals may need both. We should make this configurable based on a property and when admin is setting up the portal can select the property. In case admin authorization is required we can add a page to display that user account is not active.
>
>Wouldn't it be more useful to disable registration in that case rather than enable registration, but have it not work?
>
>I think self-registration is something that should be configurable (with the default as enabled). However once a user has successfully registered (having gone through the usual bot-detection process), I don't see a problem with immediately granting a basic access role.
>
>So I'm +1 on option #2.
+1 for option #2; though, I think we should open a new ticket for a future release that makes it a configuration option. I could see a case where a portal administrator would want to enable self-service sign ups but would require administrator action before it is enabled.
>>
>> Thanks
>> Raminder
>>
>>
>> On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote:
>>
>>> It appears that right now when a new user registers in Rave, they do not get any granted authority roles (including the all-important ROLE_USER). So a new user creates their account, then tries to login, and gets a 403 forbidden. Is this the behavior we want, where all new users must have the ROLE_USER applied manually by an admin, or do we want to automatically give ROLE_USER to new user accounts so they can login?
>>>
>>> My vote would be for #2 (give them ROLE_USER automatically) but what do others think?
>>
>>> Thanks, Tony
>>>
>>> ---
>>> Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & Maint
>>> e: acarlucci@mitre.org<ma...@mitre.org> | v: 781.271.2432 | f: 781.271.3299
>>> The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420
>>>
>>
Re: New User Behavior Question
Posted by Scott Wilson <sc...@gmail.com>.
On 26 Oct 2011, at 19:05, Raminderjeet Singh wrote:
> Portals may need both. We should make this configurable based on a property and when admin is setting up the portal can select the property. In case admin authorization is required we can add a page to display that user account is not active.
Wouldn't it be more useful to disable registration in that case rather than enable registration, but have it not work?
I think self-registration is something that should be configurable (with the default as enabled). However once a user has successfully registered (having gone through the usual bot-detection process), I don't see a problem with immediately granting a basic access role.
So I'm +1 on option #2.
>
> Thanks
> Raminder
>
>
> On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote:
>
>> It appears that right now when a new user registers in Rave, they do not get any granted authority roles (including the all-important ROLE_USER). So a new user creates their account, then tries to login, and gets a 403 forbidden. Is this the behavior we want, where all new users must have the ROLE_USER applied manually by an admin, or do we want to automatically give ROLE_USER to new user accounts so they can login?
>>
>> My vote would be for #2 (give them ROLE_USER automatically) but what do others think?
>>
>> Thanks, Tony
>>
>> ---
>> Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & Maint
>> e: acarlucci@mitre.org<ma...@mitre.org> | v: 781.271.2432 | f: 781.271.3299
>> The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420
>>
>
Re: New User Behavior Question
Posted by Raminderjeet Singh <ra...@gmail.com>.
Portals may need both. We should make this configurable based on a property and when admin is setting up the portal can select the property. In case admin authorization is required we can add a page to display that user account is not active.
Thanks
Raminder
On Oct 26, 2011, at 1:57 PM, Carlucci, Tony wrote:
> It appears that right now when a new user registers in Rave, they do not get any granted authority roles (including the all-important ROLE_USER). So a new user creates their account, then tries to login, and gets a 403 forbidden. Is this the behavior we want, where all new users must have the ROLE_USER applied manually by an admin, or do we want to automatically give ROLE_USER to new user accounts so they can login?
>
> My vote would be for #2 (give them ROLE_USER automatically) but what do others think?
>
> Thanks, Tony
>
> ---
> Anthony Carlucci | SW App Dev Eng, Sr. | R501 / KW App Development & Maint
> e: acarlucci@mitre.org<ma...@mitre.org> | v: 781.271.2432 | f: 781.271.3299
> The MITRE Corporation | 202 Burlington Rd | Bedford, MA 01730-1420
>