You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by David Taylor <da...@gmail.com> on 2011/10/04 09:17:01 UTC
Re: svn commit: r1178678 - in /portals/jetspeed-2:
applications/j2-admin/trunk/src/main/webapp/WEB-INF/ portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Ate,
Why are you adding all of these security-constraints-refs to the pages
if the folder already has the exact same security-constraints-ref? The
security constraint is inherited from the folder and the page
constraints are unnecessary
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
Thanks,
--
David
On Mon, Oct 3, 2011 at 9:10 PM, <at...@apache.org> wrote:
> Author: ate
> Date: Tue Oct 4 04:10:42 2011
> New Revision: 1178678
>
> URL: http://svn.apache.org/viewvc?rev=1178678&view=rev
> Log:
> JS2-1263: Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
> Both portlet render time enforcement of admin constraints and related psml level admin constraints (hiding portlets/pages instead of showing 'Access Denied') added
> See also JS2-1262 for more detail concerning individual portlet render time constraints checking configuration.
>
> Portlets/pages 'locked down' this way:
> - PAM (Portlet Application Manager)
> - RPAD (Remote Portlet Application Deployer)
> - Permissions & Constraints management
> - PortalDataSerializer (Import/Export)
>
> Modified:
> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>
> Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml (original)
> +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml Tue Oct 4 04:10:42 2011
> @@ -157,6 +157,48 @@
> <js:metadata name="selector.conditional.role">*</js:metadata>
> </portlet>
>
> + <!-- Render time enforced security constaints (admin) -->
> +
> + <!-- PAM portlets -->
> + <portlet>
> + <portlet-name>RegistryApplicationsList</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> + <portlet>
> + <portlet-name>PortletDetailsManager</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> + <portlet>
> + <portlet-name>ApplicationDetails</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> + <portlet>
> + <portlet-name>PortletCloneManager</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> +
> + <!-- Permissions and Constraints -->
> + <portlet>
> + <portlet-name>SecurityPermissionsPortlet</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> + <portlet>
> + <portlet-name>SecurityConstraintsPortlet</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> +
> + <!-- RPAD -->
> + <portlet>
> + <portlet-name>RPADPortlet</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> +
> + <!-- Serializer -->
> + <portlet>
> + <portlet-name>PortalDataSerializer</portlet-name>
> + <js:metadata name="render-time.security-constraints">true</js:metadata>
> + </portlet>
> +
> <js:services>
> <js:service name='ApplicationServerManager' />
> <js:service name='DeploymentManager' />
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml Tue Oct 4 04:10:42 2011
> @@ -43,4 +43,7 @@ limitations under the License.
> <property layout="TwoColumns" name="column" value="1" />
> </fragment>
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml Tue Oct 4 04:10:42 2011
> @@ -26,5 +26,7 @@ limitations under the License.
> <property name="column" value="0" layout="OneColumn"/>
> </fragment>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml Tue Oct 4 04:10:42 2011
> @@ -24,5 +24,7 @@ limitations under the License.
> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
> @@ -43,4 +43,7 @@ limitations under the License.
> <property layout="TwoColumns" name="column" value="1" />
> </fragment>
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
> @@ -26,5 +26,7 @@ limitations under the License.
> <property name="column" value="0" layout="OneColumn"/>
> </fragment>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
> @@ -24,5 +24,7 @@ limitations under the License.
> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml Tue Oct 4 04:10:42 2011
> @@ -28,6 +28,9 @@ limitations under the License.
> <fragment id="admin-db-1010" type="portlet" name="j2-admin::PortalDataSerializer">
> <property name="row" value="0" />
> <property name="column" value="1" />
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </fragment>
> </fragment>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
> @@ -43,4 +43,7 @@ limitations under the License.
> <property layout="TwoColumns" name="column" value="1" />
> </fragment>
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
> @@ -27,5 +27,7 @@ limitations under the License.
> <property name="column" value="0" layout="OneColumn"/>
> </fragment>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
> @@ -24,5 +24,7 @@ limitations under the License.
> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
> @@ -43,4 +43,7 @@ limitations under the License.
> <property layout="TwoColumns" name="column" value="1" />
> </fragment>
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
> @@ -26,5 +26,7 @@ limitations under the License.
> <property name="column" value="0" layout="OneColumn"/>
> </fragment>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
> @@ -24,5 +24,7 @@ limitations under the License.
> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
> </fragment>
> -
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
> ==============================================================================
> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml (original)
> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml Tue Oct 4 04:10:42 2011
> @@ -24,4 +24,7 @@ limitations under the License.
> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
> </fragment>
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
> </page>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
--
David
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: svn commit: r1178678 - in /portals/jetspeed-2: applications/j2-admin/trunk/src/main/webapp/WEB-INF/
portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Posted by Ate Douma <at...@douma.nu>.
On 10/04/2011 09:22 AM, David Taylor wrote:
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>
> Perhaps when the page is copied or moved with the Site Manager.....
> that could be a security hole, although you had to be an Admin to move
> or copy the page to begin with.
Correct. If a page already is restricted to admin view only, only a admin user
will be able to modify/copy/move them through the Site Manager, so this won't be
a security hole.
Regardless, these extra psml level constraints are only a convenience
measurement to prevent 'Access Denied' messages to be shown to users not allowed
to *execute* the portlet.
Even without these psml constraints on page or folder level these portlets are
'locked down', so there is no possible security hole anyway.
>
> On Tue, Oct 4, 2011 at 12:17 AM, David Taylor<da...@gmail.com> wrote:
>> Ate,
>>
>> Why are you adding all of these security-constraints-refs to the pages
>> if the folder already has the exact same security-constraints-ref? The
>> security constraint is inherited from the folder and the page
>> constraints are unnecessary
>>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>
>> Thanks,
>>
>> --
>> David
>>
>> On Mon, Oct 3, 2011 at 9:10 PM,<at...@apache.org> wrote:
>>> Author: ate
>>> Date: Tue Oct 4 04:10:42 2011
>>> New Revision: 1178678
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1178678&view=rev
>>> Log:
>>> JS2-1263: Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
>>> Both portlet render time enforcement of admin constraints and related psml level admin constraints (hiding portlets/pages instead of showing 'Access Denied') added
>>> See also JS2-1262 for more detail concerning individual portlet render time constraints checking configuration.
>>>
>>> Portlets/pages 'locked down' this way:
>>> - PAM (Portlet Application Manager)
>>> - RPAD (Remote Portlet Application Deployer)
>>> - Permissions& Constraints management
>>> - PortalDataSerializer (Import/Export)
>>>
>>> Modified:
>>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>>
>>> Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml (original)
>>> +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml Tue Oct 4 04:10:42 2011
>>> @@ -157,6 +157,48 @@
>>> <js:metadata name="selector.conditional.role">*</js:metadata>
>>> </portlet>
>>>
>>> +<!-- Render time enforced security constaints (admin) -->
>>> +
>>> +<!-- PAM portlets -->
>>> +<portlet>
>>> +<portlet-name>RegistryApplicationsList</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>PortletDetailsManager</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>ApplicationDetails</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>PortletCloneManager</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- Permissions and Constraints -->
>>> +<portlet>
>>> +<portlet-name>SecurityPermissionsPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>SecurityConstraintsPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- RPAD -->
>>> +<portlet>
>>> +<portlet-name>RPADPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- Serializer -->
>>> +<portlet>
>>> +<portlet-name>PortalDataSerializer</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> <js:services>
>>> <js:service name='ApplicationServerManager' />
>>> <js:service name='DeploymentManager' />
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml Tue Oct 4 04:10:42 2011
>>> @@ -28,6 +28,9 @@ limitations under the License.
>>> <fragment id="admin-db-1010" type="portlet" name="j2-admin::PortalDataSerializer">
>>> <property name="row" value="0" />
>>> <property name="column" value="1" />
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </fragment>
>>> </fragment>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>>> @@ -27,5 +27,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>> ==============================================================================
>>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml (original)
>>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>>
>>>
>>
>>
>>
>> --
>> David
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: svn commit: r1178678 - in /portals/jetspeed-2:
applications/j2-admin/trunk/src/main/webapp/WEB-INF/ portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Posted by David Taylor <da...@gmail.com>.
> + <security-constraints>
> + <security-constraints-ref>admin</security-constraints-ref>
> + </security-constraints>
Perhaps when the page is copied or moved with the Site Manager.....
that could be a security hole, although you had to be an Admin to move
or copy the page to begin with.
On Tue, Oct 4, 2011 at 12:17 AM, David Taylor <da...@gmail.com> wrote:
> Ate,
>
> Why are you adding all of these security-constraints-refs to the pages
> if the folder already has the exact same security-constraints-ref? The
> security constraint is inherited from the folder and the page
> constraints are unnecessary
>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>
> Thanks,
>
> --
> David
>
> On Mon, Oct 3, 2011 at 9:10 PM, <at...@apache.org> wrote:
>> Author: ate
>> Date: Tue Oct 4 04:10:42 2011
>> New Revision: 1178678
>>
>> URL: http://svn.apache.org/viewvc?rev=1178678&view=rev
>> Log:
>> JS2-1263: Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
>> Both portlet render time enforcement of admin constraints and related psml level admin constraints (hiding portlets/pages instead of showing 'Access Denied') added
>> See also JS2-1262 for more detail concerning individual portlet render time constraints checking configuration.
>>
>> Portlets/pages 'locked down' this way:
>> - PAM (Portlet Application Manager)
>> - RPAD (Remote Portlet Application Deployer)
>> - Permissions & Constraints management
>> - PortalDataSerializer (Import/Export)
>>
>> Modified:
>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>
>> Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml (original)
>> +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml Tue Oct 4 04:10:42 2011
>> @@ -157,6 +157,48 @@
>> <js:metadata name="selector.conditional.role">*</js:metadata>
>> </portlet>
>>
>> + <!-- Render time enforced security constaints (admin) -->
>> +
>> + <!-- PAM portlets -->
>> + <portlet>
>> + <portlet-name>RegistryApplicationsList</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> + <portlet>
>> + <portlet-name>PortletDetailsManager</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> + <portlet>
>> + <portlet-name>ApplicationDetails</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> + <portlet>
>> + <portlet-name>PortletCloneManager</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> +
>> + <!-- Permissions and Constraints -->
>> + <portlet>
>> + <portlet-name>SecurityPermissionsPortlet</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> + <portlet>
>> + <portlet-name>SecurityConstraintsPortlet</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> +
>> + <!-- RPAD -->
>> + <portlet>
>> + <portlet-name>RPADPortlet</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> +
>> + <!-- Serializer -->
>> + <portlet>
>> + <portlet-name>PortalDataSerializer</portlet-name>
>> + <js:metadata name="render-time.security-constraints">true</js:metadata>
>> + </portlet>
>> +
>> <js:services>
>> <js:service name='ApplicationServerManager' />
>> <js:service name='DeploymentManager' />
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml Tue Oct 4 04:10:42 2011
>> @@ -28,6 +28,9 @@ limitations under the License.
>> <fragment id="admin-db-1010" type="portlet" name="j2-admin::PortalDataSerializer">
>> <property name="row" value="0" />
>> <property name="column" value="1" />
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </fragment>
>> </fragment>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -27,5 +27,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> + <security-constraints>
>> + <security-constraints-ref>admin</security-constraints-ref>
>> + </security-constraints>
>> </page>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>
>>
>
>
>
> --
> David
>
--
David
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: svn commit: r1178678 - in /portals/jetspeed-2:
applications/j2-admin/trunk/src/main/webapp/WEB-INF/ portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Posted by David Taylor <da...@gmail.com>.
On Tue, Oct 4, 2011 at 4:50 AM, Ate Douma <at...@douma.nu> wrote:
> On 10/04/2011 01:28 PM, Ate Douma wrote:
>>
>> On 10/04/2011 09:17 AM, David Taylor wrote:
>>>
>>> Ate,
>>>
>>> Why are you adding all of these security-constraints-refs to the pages
>>> if the folder already has the exact same security-constraints-ref? The
>>> security constraint is inherited from the folder and the page
>>> constraints are unnecessary
>>>
>>>> +<security-constraints>
>>>> +<security-constraints-ref>admin</security-constraints-ref>
>>>> +</security-constraints>
>>>
>> David, you are right: for most of these this actually isn't needed as the
>> inherited folder security constraints already will enforce it.
>>
>> With one exception though: the demo pages for the classic (portal) ui
>> still has
>> everything in one folder (/Administrative) using
>> <security-constaints-ref>manager</security-constraints-ref>
>>
>> Because of that use-case (which I think is a valid and good example, not
>> sure
>> why that was removed from the jetui demo configuration), I had to enforce
>> these
>> constraints on psml page level there.
>> And because it was late I simply applied the same change on every psml
>> reference
>> for these 'locked down' portlets.
>>
>> I can remove these changes where they are redundant, now, but if/when we
>> would
>> add a manager role to the jetui demo similar to the classic demo pages,
>> these
>> extra constraints would be needed.
>>
>> WDYT?
>
> On second thoughts: I think its actually quite nice we have such different
> demo configurations, the 'classic' one showing both admin and manager access
> usages to the administrative portlets, while the jetui demo showing a much
> more 'tuned' variant with only delegated user security on the devmgr role.
>
> So I think I like to keep it as is, and therefore will remove the redundant
> psml constraints again, except for the 'classic' demo psml which really does
> need them.
>
> Thanks for pointing it out David!
>
+1
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: svn commit: r1178678 - in /portals/jetspeed-2: applications/j2-admin/trunk/src/main/webapp/WEB-INF/
portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Posted by Ate Douma <at...@douma.nu>.
On 10/04/2011 01:28 PM, Ate Douma wrote:
> On 10/04/2011 09:17 AM, David Taylor wrote:
>> Ate,
>>
>> Why are you adding all of these security-constraints-refs to the pages
>> if the folder already has the exact same security-constraints-ref? The
>> security constraint is inherited from the folder and the page
>> constraints are unnecessary
>>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>
> David, you are right: for most of these this actually isn't needed as the
> inherited folder security constraints already will enforce it.
>
> With one exception though: the demo pages for the classic (portal) ui still has
> everything in one folder (/Administrative) using
> <security-constaints-ref>manager</security-constraints-ref>
>
> Because of that use-case (which I think is a valid and good example, not sure
> why that was removed from the jetui demo configuration), I had to enforce these
> constraints on psml page level there.
> And because it was late I simply applied the same change on every psml reference
> for these 'locked down' portlets.
>
> I can remove these changes where they are redundant, now, but if/when we would
> add a manager role to the jetui demo similar to the classic demo pages, these
> extra constraints would be needed.
>
> WDYT?
On second thoughts: I think its actually quite nice we have such different demo
configurations, the 'classic' one showing both admin and manager access usages
to the administrative portlets, while the jetui demo showing a much more 'tuned'
variant with only delegated user security on the devmgr role.
So I think I like to keep it as is, and therefore will remove the redundant psml
constraints again, except for the 'classic' demo psml which really does need them.
Thanks for pointing it out David!
Regards,
Ate
>
> Ate
>
>> Thanks,
>>
>> --
>> David
>>
>> On Mon, Oct 3, 2011 at 9:10 PM,<at...@apache.org> wrote:
>>> Author: ate
>>> Date: Tue Oct 4 04:10:42 2011
>>> New Revision: 1178678
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1178678&view=rev
>>> Log:
>>> JS2-1263: Hardening j2-admin security by restricting access to hot deployment
>>> and portlet metadata features to admin role only
>>> Both portlet render time enforcement of admin constraints and related psml
>>> level admin constraints (hiding portlets/pages instead of showing 'Access
>>> Denied') added
>>> See also JS2-1262 for more detail concerning individual portlet render time
>>> constraints checking configuration.
>>>
>>> Portlets/pages 'locked down' this way:
>>> - PAM (Portlet Application Manager)
>>> - RPAD (Remote Portlet Application Deployer)
>>> - Permissions& Constraints management
>>> - PortalDataSerializer (Import/Export)
>>>
>>> Modified:
>>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>>
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>>
>>>
>>> Modified:
>>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>> (original)
>>> +++
>>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -157,6 +157,48 @@
>>> <js:metadata name="selector.conditional.role">*</js:metadata>
>>> </portlet>
>>>
>>> +<!-- Render time enforced security constaints (admin) -->
>>> +
>>> +<!-- PAM portlets -->
>>> +<portlet>
>>> +<portlet-name>RegistryApplicationsList</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>PortletDetailsManager</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>ApplicationDetails</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>PortletCloneManager</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- Permissions and Constraints -->
>>> +<portlet>
>>> +<portlet-name>SecurityPermissionsPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +<portlet>
>>> +<portlet-name>SecurityConstraintsPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- RPAD -->
>>> +<portlet>
>>> +<portlet-name>RPADPortlet</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> +<!-- Serializer -->
>>> +<portlet>
>>> +<portlet-name>PortalDataSerializer</portlet-name>
>>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>>> +</portlet>
>>> +
>>> <js:services>
>>> <js:service name='ApplicationServerManager' />
>>> <js:service name='DeploymentManager' />
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet"
>>> name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet"
>>> name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet"
>>> name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet"
>>> name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -28,6 +28,9 @@ limitations under the License.
>>> <fragment id="admin-db-1010" type="portlet"
>>> name="j2-admin::PortalDataSerializer">
>>> <property name="row" value="0" />
>>> <property name="column" value="1" />
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </fragment>
>>> </fragment>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -27,5 +27,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet"
>>> name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet"
>>> name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -43,4 +43,7 @@ limitations under the License.
>>> <property layout="TwoColumns" name="column" value="1" />
>>> </fragment>
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -26,5 +26,7 @@ limitations under the License.
>>> <property name="column" value="0" layout="OneColumn"/>
>>> </fragment>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,5 +24,7 @@ limitations under the License.
>>> <fragment id="export-layout-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>>> </fragment>
>>> -
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-constraints-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-constraints-2" type="portlet"
>>> name="j2-admin::SecurityConstraintsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>> Modified:
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>>
>>> URL:
>>> http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>>>
>>> ==============================================================================
>>> ---
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>> (original)
>>> +++
>>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>> Tue Oct 4 04:10:42 2011
>>> @@ -24,4 +24,7 @@ limitations under the License.
>>> <fragment id="m-security-policy-1" type="layout"
>>> name="jetspeed-layouts::VelocityOneColumn">
>>> <fragment id="m-security-policy-2" type="portlet"
>>> name="j2-admin::SecurityPermissionsPortlet" />
>>> </fragment>
>>> +<security-constraints>
>>> +<security-constraints-ref>admin</security-constraints-ref>
>>> +</security-constraints>
>>> </page>
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>>
>>>
>>
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: svn commit: r1178678 - in /portals/jetspeed-2: applications/j2-admin/trunk/src/main/webapp/WEB-INF/
portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/
portal/trunk/applications/jetspeed/src/main/weba
Posted by Ate Douma <at...@douma.nu>.
On 10/04/2011 09:17 AM, David Taylor wrote:
> Ate,
>
> Why are you adding all of these security-constraints-refs to the pages
> if the folder already has the exact same security-constraints-ref? The
> security constraint is inherited from the folder and the page
> constraints are unnecessary
>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>
David, you are right: for most of these this actually isn't needed as the
inherited folder security constraints already will enforce it.
With one exception though: the demo pages for the classic (portal) ui still has
everything in one folder (/Administrative) using
<security-constaints-ref>manager</security-constraints-ref>
Because of that use-case (which I think is a valid and good example, not sure
why that was removed from the jetui demo configuration), I had to enforce these
constraints on psml page level there.
And because it was late I simply applied the same change on every psml reference
for these 'locked down' portlets.
I can remove these changes where they are redundant, now, but if/when we would
add a manager role to the jetui demo similar to the classic demo pages, these
extra constraints would be needed.
WDYT?
Ate
> Thanks,
>
> --
> David
>
> On Mon, Oct 3, 2011 at 9:10 PM,<at...@apache.org> wrote:
>> Author: ate
>> Date: Tue Oct 4 04:10:42 2011
>> New Revision: 1178678
>>
>> URL: http://svn.apache.org/viewvc?rev=1178678&view=rev
>> Log:
>> JS2-1263: Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
>> Both portlet render time enforcement of admin constraints and related psml level admin constraints (hiding portlets/pages instead of showing 'Access Denied') added
>> See also JS2-1262 for more detail concerning individual portlet render time constraints checking configuration.
>>
>> Portlets/pages 'locked down' this way:
>> - PAM (Portlet Application Manager)
>> - RPAD (Remote Portlet Application Deployer)
>> - Permissions& Constraints management
>> - PortalDataSerializer (Import/Export)
>>
>> Modified:
>> portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>> portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>>
>> Modified: portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml (original)
>> +++ portals/jetspeed-2/applications/j2-admin/trunk/src/main/webapp/WEB-INF/jetspeed-portlet.xml Tue Oct 4 04:10:42 2011
>> @@ -157,6 +157,48 @@
>> <js:metadata name="selector.conditional.role">*</js:metadata>
>> </portlet>
>>
>> +<!-- Render time enforced security constaints (admin) -->
>> +
>> +<!-- PAM portlets -->
>> +<portlet>
>> +<portlet-name>RegistryApplicationsList</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +<portlet>
>> +<portlet-name>PortletDetailsManager</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +<portlet>
>> +<portlet-name>ApplicationDetails</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +<portlet>
>> +<portlet-name>PortletCloneManager</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +
>> +<!-- Permissions and Constraints -->
>> +<portlet>
>> +<portlet-name>SecurityPermissionsPortlet</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +<portlet>
>> +<portlet-name>SecurityConstraintsPortlet</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +
>> +<!-- RPAD -->
>> +<portlet>
>> +<portlet-name>RPADPortlet</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +
>> +<!-- Serializer -->
>> +<portlet>
>> +<portlet-name>PortalDataSerializer</portlet-name>
>> +<js:metadata name="render-time.security-constraints">true</js:metadata>
>> +</portlet>
>> +
>> <js:services>
>> <js:service name='ApplicationServerManager' />
>> <js:service name='DeploymentManager' />
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml Tue Oct 4 04:10:42 2011
>> @@ -28,6 +28,9 @@ limitations under the License.
>> <fragment id="admin-db-1010" type="portlet" name="j2-admin::PortalDataSerializer">
>> <property name="row" value="0" />
>> <property name="column" value="1" />
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </fragment>
>> </fragment>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -27,5 +27,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml Tue Oct 4 04:10:42 2011
>> @@ -43,4 +43,7 @@ limitations under the License.
>> <property layout="TwoColumns" name="column" value="1" />
>> </fragment>
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml Tue Oct 4 04:10:42 2011
>> @@ -26,5 +26,7 @@ limitations under the License.
>> <property name="column" value="0" layout="OneColumn"/>
>> </fragment>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml Tue Oct 4 04:10:42 2011
>> @@ -24,5 +24,7 @@ limitations under the License.
>> <fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
>> </fragment>
>> -
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>> Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
>> URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178678&r1=1178677&r2=1178678&view=diff
>> ==============================================================================
>> --- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml (original)
>> +++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml Tue Oct 4 04:10:42 2011
>> @@ -24,4 +24,7 @@ limitations under the License.
>> <fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
>> <fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
>> </fragment>
>> +<security-constraints>
>> +<security-constraints-ref>admin</security-constraints-ref>
>> +</security-constraints>
>> </page>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
>> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org