You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by ja...@mitre.org on 2002/12/19 15:26:34 UTC
Security Portlets Questions.
I've started exploring the security aspects of Jetspeed and have some
questions & issues. I searched the archive and found some older discussions
on a few of these items, but a couple of them went unanswered even in the
past.
1. Security Role Browser.
Add a role - myrole.
After the role is added, select "Permissions".
Fill in some of the checkboxes.
Select "Update" - you are taken to the list of Permissions NOT the
list of roles. That seems wrong.
Select "Security Role Browser" again.
Select "Permissions" for the role you created.
All of the Permission checkboxes are empty - where'd the settings
go?
2. Permission Browser.
What is the purpose of this? If I understand things correctly, each
portlet has its own set of actions, which are controlled by
<security-entry>s in the registry. What is the "Permission Browser" doing?
Which security role(s) is it modifying the permissions of? Which portlets
are these permissions being modified for?
3. Security Browser.
Are the "Security ID"s listed in this supposed to correspond to
Roles in the "Security Role Browser"? If so, why don't they? If not, how
are the two related?
4. Schema questions.
The DTD documentation says <portlet-control-entry>s may have
<security> and <security-ref>s. To what end? What is the purpose of
<security> and <security-ref>s in <parameter> elements of <portlet-entry>s?
- Jasen.