You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by MikeCrosby <mc...@yahoo.com> on 2007/02/16 19:32:58 UTC
Restricting available portlets in portlet selector
I'm developing a custom portal using JS2.0 that will allow users to modify
the portlets available on their home page. The problem I'm running into is
that when the user clicks on the customizer to select portlets, I do not
want the j2-admin portlets to be displayed.
I saw a response to a similar post stating that admin portlets should only
be displayed for users with the "admin" role. I have verified that all of
my users have the simple "user" role. Can someone point me in the right
direction? The j2-admin portlets should not be displayed for those who
don't have the "admin" role.
Also, is it possible to restrict which portlets are displayed based on the
users' roles? For example--users with an "accounting" role can see one set
of available portlets while users with a "manufacturing" role can see a
separate set. Is that possible?
--
View this message in context: http://www.nabble.com/Restricting-available-portlets-in-portlet-selector-tf3241150.html#a9009886
Sent from the Jetspeed - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Help with first time build and deploy of JetSpeed2
Posted by Elif Guner <el...@gmail.com>.
Hi Vijay,
I came across that a few times and I remember it having to do with one
of the jar files missing in tomcat lib directory. Either velocity jar
file has to be in your TOMCAT_HOME/common/endorsed or shared/lib...
Sorry for being vague, that's all I can remember...
Elif
On 2/16/07, VJ Thinker <vj...@yahoo.com> wrote:
> Hi All,
>
> After compiling and deploying JetSpeed2 portal for the first time within our environment we get the following error on the browser when we try to access it:
>
> Failed to retrieve Portlet Definition for jetspeed-layouts::VelocityTwoColumns
>
> The last few lines of velocity.log on the server look good:
> ...
> 2007-02-16 17:43:17,962 [main] INFO velocity - Velocimacro : initialization complete.
> 2007-02-16 17:43:17,962 [main] INFO velocity - Velocity successfully started.
> 2007-02-16 17:43:18,036 [main] INFO velocity - VelocityViewServlet: Default content-type is: text/html
>
> However, the jetspeed.log file shows the following log fragment:
> ...
> 2007-02-16 18:09:25,094 [http-8080-Processor23] INFO org.apache.jetspeed.container.window.impl.PortletWindowAccessorImpl - No portlet entity defined for fragment ID min-dp attempting to auto-generate...
> 2007-02-16 18:09:25,095 [http-8080-Processor23] WARN org.apache.jetspeed.components.portletentity.PersistenceBrokerPortletEntityAccess - Failed to retrieve Portlet Definition for jetspeed-layouts::VelocityTwoColumns
> 2007-02-16 18:09:25,097 [http-8080-Processor23] ERROR org.apache.jetspeed.aggregator.impl.PortletRendererImpl - java.lang.NullPointerException
> java.lang.NullPointerException
> at org.apache.jetspeed.aggregator.impl.PortletRendererImpl.getExpirationCache(PortletRendererImpl.java:244)
> at org.apache.jetspeed.aggregator.impl.PortletRendererImpl.renderNow(PortletRendererImpl.java:195)
>
> We compiled and deployed the JetSpeed-dev 2.1 using Maven 2 (had to make a change to workspace/jetspeed-2/components/cm/pom.xml to include a reference to oro package).
>
> Any help to resolve this issue, really appreciated. Best regards,
>
> Vijay
>
>
>
> ---------------------------------
> No need to miss a message. Get email on-the-go
> with Yahoo! Mail for Mobile. Get started.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Resolved: Restricting available portlets in portlet selector
Posted by MikeCrosby <mc...@yahoo.com>.
David,
Thanks for pointing me in this direction. I took a look at the tables you
mentioned. What I found is that the user role was granted permission to the
j2-admin portlets in the PRINCIPAL_PERMISSION table.
Permission id = 108 (j2-admin portlets)
Principal id = 8 ("/role/user")
I modified the entry so that the admin role has permission ("/role/admin"),
and the j2-admin portlets no longer appear for selection in the portlet
selector for the common user role. However, they will appear for the admin
user.
This little bit of information will definitely come in handy for me in the
future with restricting portlets in the portlet selector.
David Sean Taylor wrote:
>
>
> On Feb 16, 2007, at 1:06 PM, MikeCrosby wrote:
>
>>
>> Thanks again for the clarification.
>>
>> With that being said, is it possible then in JS2.0 to go directly
>> into the
>> SECURITY_PERMISSION table and modify the entry in some way that
>> only users
>> with the "admin" role have access to all j2-admin portlets? I'm
>> still a
>> little fuzzy how that works and what the relations are in the
>> tables. Is
>> that documented somewhere?
>>
> This should really be the default behavior, so I am surprised that
> you are seeing it behave differently.
>
> Try this query and let us know what you get
>
> SELECT * FROM .SECURITY_PERMISSION
>
> SELECT * FROM SECURITY_PRINCIPAL
>
> SELECT * FROM PRINCIPAL_PERMISSION
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Restricting-available-portlets-in-portlet-selector-tf3241150.html#a9063569
Sent from the Jetspeed - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Help with first time build and deploy of JetSpeed2
Posted by David Sean Taylor <da...@bluesunrise.com>.
On Feb 16, 2007, at 6:14 PM, VJ Thinker wrote:
> Hi All,
>
> After compiling and deploying JetSpeed2 portal for the first
> time within our environment we get the following error on the
> browser when we try to access it:
>
> Failed to retrieve Portlet Definition for jetspeed-
> layouts::VelocityTwoColumns
>
> The last few lines of velocity.log on the server look good:
> ...
> 2007-02-16 17:43:17,962 [main] INFO velocity - Velocimacro :
> initialization complete.
> 2007-02-16 17:43:17,962 [main] INFO velocity - Velocity
> successfully started.
> 2007-02-16 17:43:18,036 [main] INFO velocity -
> VelocityViewServlet: Default content-type is: text/html
>
> However, the jetspeed.log file shows the following log fragment:
> ...
> 2007-02-16 18:09:25,094 [http-8080-Processor23] INFO
> org.apache.jetspeed.container.window.impl.PortletWindowAccessorImpl
> - No portlet entity defined for fragment ID min-dp attempting to
> auto-generate...
> 2007-02-16 18:09:25,095 [http-8080-Processor23] WARN
> org.apache.jetspeed.components.portletentity.PersistenceBrokerPortletE
> ntityAccess - Failed to retrieve Portlet Definition for jetspeed-
> layouts::VelocityTwoColumns
> 2007-02-16 18:09:25,097 [http-8080-Processor23] ERROR
> org.apache.jetspeed.aggregator.impl.PortletRendererImpl -
> java.lang.NullPointerException
> java.lang.NullPointerException
> at
> org.apache.jetspeed.aggregator.impl.PortletRendererImpl.getExpirationC
> ache(PortletRendererImpl.java:244)
> at
> org.apache.jetspeed.aggregator.impl.PortletRendererImpl.renderNow
> (PortletRendererImpl.java:195)
>
> We compiled and deployed the JetSpeed-dev 2.1 using Maven 2
> (had to make a change to workspace/jetspeed-2/components/cm/pom.xml
> to include a reference to oro package).
>
Im not sure why the PA would be null, but I added a check for a null
PA, just checked in
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Help with first time build and deploy of JetSpeed2
Posted by VJ Thinker <vj...@yahoo.com>.
Hi All,
After compiling and deploying JetSpeed2 portal for the first time within our environment we get the following error on the browser when we try to access it:
Failed to retrieve Portlet Definition for jetspeed-layouts::VelocityTwoColumns
The last few lines of velocity.log on the server look good:
...
2007-02-16 17:43:17,962 [main] INFO velocity - Velocimacro : initialization complete.
2007-02-16 17:43:17,962 [main] INFO velocity - Velocity successfully started.
2007-02-16 17:43:18,036 [main] INFO velocity - VelocityViewServlet: Default content-type is: text/html
However, the jetspeed.log file shows the following log fragment:
...
2007-02-16 18:09:25,094 [http-8080-Processor23] INFO org.apache.jetspeed.container.window.impl.PortletWindowAccessorImpl - No portlet entity defined for fragment ID min-dp attempting to auto-generate...
2007-02-16 18:09:25,095 [http-8080-Processor23] WARN org.apache.jetspeed.components.portletentity.PersistenceBrokerPortletEntityAccess - Failed to retrieve Portlet Definition for jetspeed-layouts::VelocityTwoColumns
2007-02-16 18:09:25,097 [http-8080-Processor23] ERROR org.apache.jetspeed.aggregator.impl.PortletRendererImpl - java.lang.NullPointerException
java.lang.NullPointerException
at org.apache.jetspeed.aggregator.impl.PortletRendererImpl.getExpirationCache(PortletRendererImpl.java:244)
at org.apache.jetspeed.aggregator.impl.PortletRendererImpl.renderNow(PortletRendererImpl.java:195)
We compiled and deployed the JetSpeed-dev 2.1 using Maven 2 (had to make a change to workspace/jetspeed-2/components/cm/pom.xml to include a reference to oro package).
Any help to resolve this issue, really appreciated. Best regards,
Vijay
---------------------------------
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
Re: Restricting available portlets in portlet selector
Posted by David Sean Taylor <da...@bluesunrise.com>.
On Feb 16, 2007, at 1:06 PM, MikeCrosby wrote:
>
> Thanks again for the clarification.
>
> With that being said, is it possible then in JS2.0 to go directly
> into the
> SECURITY_PERMISSION table and modify the entry in some way that
> only users
> with the "admin" role have access to all j2-admin portlets? I'm
> still a
> little fuzzy how that works and what the relations are in the
> tables. Is
> that documented somewhere?
>
This should really be the default behavior, so I am surprised that
you are seeing it behave differently.
Try this query and let us know what you get
SELECT * FROM .SECURITY_PERMISSION
SELECT * FROM SECURITY_PRINCIPAL
SELECT * FROM PRINCIPAL_PERMISSION
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Restricting available portlets in portlet selector
Posted by MikeCrosby <mc...@yahoo.com>.
Thanks again for the clarification.
With that being said, is it possible then in JS2.0 to go directly into the
SECURITY_PERMISSION table and modify the entry in some way that only users
with the "admin" role have access to all j2-admin portlets? I'm still a
little fuzzy how that works and what the relations are in the tables. Is
that documented somewhere?
I'm hoping to migrate to 2.1 once it is ready for distribution and I have a
chance to test it on my development server. My users are anxious to have
drag-and-drop capabilities for their portal pages, and it appears 2.1 will
make my job easier maintaining the site.
Thanks again for your assistance.
David Sean Taylor wrote:
>
>
> On Feb 16, 2007, at 11:40 AM, MikeCrosby wrote:
>
>>
>> Thanks for the reply, David. Perhaps the problem is that I don't
>> quite
>> understand security constraint settings and how they correspond to
>> portlets
>> displayed in the selector when customizing the page.
>>
>> Each user of the portal has their own folder under the '_users'
>> directory
>> that contains a 'default-page.psml.' Within each file, I have the
>> following:
>>
>> [security-constraints]
>> [security-constraint]
>> [users]username[/users]
>> [permissions]view, edit[/permissions]
>> [/security-constraint]
>> [/security-constraints]
>>
>> Then, within the 'folder.metada' file, the only thing I have is:
>>
>> [security-constraints]
>> [security-constraints-ref]public-view[/security-constraints-
>> ref]
>> [/security-constraints]
>>
>> I have read the documentation at
>> http://portals.apache.org/jetspeed-2/guides/guide-security-
>> declarative-psml.html
>> multiple times and am not sure if I'm setting up the security
>> constraints
>> properly.
>>
>> As I mentioned, when a user edits the page, I only want a subset of
>> portlets
>> displayed in the portlet selector popup based on the user's role.
>> Right
>> now, all deployed portlets are displayed, including the j2-admin.
>>
> Sorry Mike, I gave you the wrong recommendation. The selector is not
> constrained by page security in psml and folders.
>
> The Portlet Selector is filtered by Security Permissions and ran
> against the current user's roles.
> In version 2.0, Security Permissions are configured in the SQL seed
> data:
>
> INSERT INTO SECURITY_PERMISSION VALUES
> (100,'org.apache.jetspeed.security.PortletPermission','j2-
> admin::*','view, edit','2004-05-22 16:27:12.572','2004-05-22
> 16:27:12.572');
> INSERT INTO PRINCIPAL_PERMISSION VALUES(6,100);
>
> With 2.1, you can configure portlet checks to either use constraints
> or permissions.
> There is also a UI for editing constraints and permissions, as well
> as XML data for entering your initial settings
>
>> On a side note, how would one specify that a particular subset of
>> portlets
>> be displayed in that popup window in JS2.0? I would think there
>> would need
>> to be something perhaps in the portlet.xml file so that when the
>> war is
>> deployed, JS would have a way to determine who can select it for
>> their page.
>>
>> Am I totally off base?
>>
>
> A security permission is granted
>
> org.apache.jetspeed.security.PortletPermission','new-app::*','view,
> edit'
>
> and then then access is granted to all users with role "user"
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Restricting-available-portlets-in-portlet-selector-tf3241150.html#a9012400
Sent from the Jetspeed - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Restricting available portlets in portlet selector
Posted by David Sean Taylor <da...@bluesunrise.com>.
On Feb 16, 2007, at 11:40 AM, MikeCrosby wrote:
>
> Thanks for the reply, David. Perhaps the problem is that I don't
> quite
> understand security constraint settings and how they correspond to
> portlets
> displayed in the selector when customizing the page.
>
> Each user of the portal has their own folder under the '_users'
> directory
> that contains a 'default-page.psml.' Within each file, I have the
> following:
>
> [security-constraints]
> [security-constraint]
> [users]username[/users]
> [permissions]view, edit[/permissions]
> [/security-constraint]
> [/security-constraints]
>
> Then, within the 'folder.metada' file, the only thing I have is:
>
> [security-constraints]
> [security-constraints-ref]public-view[/security-constraints-
> ref]
> [/security-constraints]
>
> I have read the documentation at
> http://portals.apache.org/jetspeed-2/guides/guide-security-
> declarative-psml.html
> multiple times and am not sure if I'm setting up the security
> constraints
> properly.
>
> As I mentioned, when a user edits the page, I only want a subset of
> portlets
> displayed in the portlet selector popup based on the user's role.
> Right
> now, all deployed portlets are displayed, including the j2-admin.
>
Sorry Mike, I gave you the wrong recommendation. The selector is not
constrained by page security in psml and folders.
The Portlet Selector is filtered by Security Permissions and ran
against the current user's roles.
In version 2.0, Security Permissions are configured in the SQL seed
data:
INSERT INTO SECURITY_PERMISSION VALUES
(100,'org.apache.jetspeed.security.PortletPermission','j2-
admin::*','view, edit','2004-05-22 16:27:12.572','2004-05-22
16:27:12.572');
INSERT INTO PRINCIPAL_PERMISSION VALUES(6,100);
With 2.1, you can configure portlet checks to either use constraints
or permissions.
There is also a UI for editing constraints and permissions, as well
as XML data for entering your initial settings
> On a side note, how would one specify that a particular subset of
> portlets
> be displayed in that popup window in JS2.0? I would think there
> would need
> to be something perhaps in the portlet.xml file so that when the
> war is
> deployed, JS would have a way to determine who can select it for
> their page.
>
> Am I totally off base?
>
A security permission is granted
org.apache.jetspeed.security.PortletPermission','new-app::*','view,
edit'
and then then access is granted to all users with role "user"
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Restricting available portlets in portlet selector
Posted by MikeCrosby <mc...@yahoo.com>.
Thanks for the reply, David. Perhaps the problem is that I don't quite
understand security constraint settings and how they correspond to portlets
displayed in the selector when customizing the page.
Each user of the portal has their own folder under the '_users' directory
that contains a 'default-page.psml.' Within each file, I have the following:
[security-constraints]
[security-constraint]
[users]username[/users]
[permissions]view, edit[/permissions]
[/security-constraint]
[/security-constraints]
Then, within the 'folder.metada' file, the only thing I have is:
[security-constraints]
[security-constraints-ref]public-view[/security-constraints-ref]
[/security-constraints]
I have read the documentation at
http://portals.apache.org/jetspeed-2/guides/guide-security-declarative-psml.html
multiple times and am not sure if I'm setting up the security constraints
properly.
As I mentioned, when a user edits the page, I only want a subset of portlets
displayed in the portlet selector popup based on the user's role. Right
now, all deployed portlets are displayed, including the j2-admin.
On a side note, how would one specify that a particular subset of portlets
be displayed in that popup window in JS2.0? I would think there would need
to be something perhaps in the portlet.xml file so that when the war is
deployed, JS would have a way to determine who can select it for their page.
Am I totally off base?
Thanks,
Mike
David Sean Taylor wrote:
>
>
>
> This should be working on 2.0.
> Could you check the security constraint setting for the folder and
> page that you are customizing and send it to us
> (folder.metadata holds the folder constraint)
>
>
--
View this message in context: http://www.nabble.com/Restricting-available-portlets-in-portlet-selector-tf3241150.html#a9011087
Sent from the Jetspeed - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
Re: Restricting available portlets in portlet selector
Posted by David Sean Taylor <da...@bluesunrise.com>.
On Feb 16, 2007, at 10:32 AM, MikeCrosby wrote:
>
> I'm developing a custom portal using JS2.0 that will allow users to
> modify
> the portlets available on their home page. The problem I'm running
> into is
> that when the user clicks on the customizer to select portlets, I
> do not
> want the j2-admin portlets to be displayed.
>
> I saw a response to a similar post stating that admin portlets
> should only
> be displayed for users with the "admin" role. I have verified that
> all of
> my users have the simple "user" role. Can someone point me in the
> right
> direction? The j2-admin portlets should not be displayed for those
> who
> don't have the "admin" role.
>
> Also, is it possible to restrict which portlets are displayed based
> on the
> users' roles? For example--users with an "accounting" role can see
> one set
> of available portlets while users with a "manufacturing" role can
> see a
> separate set. Is that possible?
>
This should be working on 2.0.
Could you check the security constraint setting for the folder and
page that you are customizing and send it to us
(folder.metadata holds the folder constraint)
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org