You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-dev@portals.apache.org by at...@apache.org on 2011/10/04 14:03:14 UTC
svn commit: r1178764 - in
/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF:
min-pages/Administrative/portal-admin/ min-pages/Administrative/security/
min-ui-pages/Administrative/ min-ui-pages/Security/ min-ui-pages/_user/a...
Author: ate
Date: Tue Oct 4 12:03:14 2011
New Revision: 1178764
URL: http://svn.apache.org/viewvc?rev=1178764&view=rev
Log:
JS2-1263: Hardening j2-admin security by restricting access to hot deployment and portlet metadata features to admin role only
Reverting again psml level admin constraints which were redundant as their folder already enforced this by inheritance
Modified:
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/pam.psml Tue Oct 4 12:03:14 2011
@@ -43,7 +43,4 @@ limitations under the License.
<property layout="TwoColumns" name="column" value="1" />
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/rpad.psml Tue Oct 4 12:03:14 2011
@@ -26,7 +26,4 @@ limitations under the License.
<property name="column" value="0" layout="OneColumn"/>
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/portal-admin/serializer.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-constraints.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-pages/Administrative/security/security-permissions.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/pam.psml Tue Oct 4 12:03:14 2011
@@ -43,7 +43,4 @@ limitations under the License.
<property layout="TwoColumns" name="column" value="1" />
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/rpad.psml Tue Oct 4 12:03:14 2011
@@ -26,7 +26,4 @@ limitations under the License.
<property name="column" value="0" layout="OneColumn"/>
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Administrative/serializer.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-constraints.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/Security/security-permissions.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/min-ui-pages/_user/admin/default-page.psml Tue Oct 4 12:03:14 2011
@@ -28,9 +28,6 @@ limitations under the License.
<fragment id="admin-db-1010" type="portlet" name="j2-admin::PortalDataSerializer">
<property name="row" value="0" />
<property name="column" value="1" />
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</fragment>
</fragment>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/pam.psml Tue Oct 4 12:03:14 2011
@@ -43,7 +43,4 @@ limitations under the License.
<property layout="TwoColumns" name="column" value="1" />
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/rpad.psml Tue Oct 4 12:03:14 2011
@@ -26,7 +26,4 @@ limitations under the License.
<property name="column" value="0" layout="OneColumn"/>
</fragment>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/Administrative/serializer.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="export-layout-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="export-2" type="portlet" name="j2-admin::PortalDataSerializer"/>
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-constraints.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-constraints-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-constraints-2" type="portlet" name="j2-admin::SecurityConstraintsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
Modified: portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml?rev=1178764&r1=1178763&r2=1178764&view=diff
==============================================================================
--- portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml (original)
+++ portals/jetspeed-2/portal/trunk/applications/jetspeed/src/main/webapp/WEB-INF/ui-pages/security/security-permissions.psml Tue Oct 4 12:03:14 2011
@@ -24,7 +24,4 @@ limitations under the License.
<fragment id="m-security-policy-1" type="layout" name="jetspeed-layouts::VelocityOneColumn">
<fragment id="m-security-policy-2" type="portlet" name="j2-admin::SecurityPermissionsPortlet" />
</fragment>
- <security-constraints>
- <security-constraints-ref>admin</security-constraints-ref>
- </security-constraints>
</page>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org