Posted to jetspeed-user@portals.apache.org by Marina <pp...@yahoo.com> on 2004/12/01 16:47:15 UTC

Re: jetspeed-newbie Roles-Groups-Users

Hi,

sorry, I'm still struggling with the user management/access control.
The documentation from J2's profiler directory helped somewhat but now
I have even more questions than before :)

First, I looked at the jetspeed.xml - and I see

--- Randy Watler <rw...@finali.com> wrote:

> Marina,
> 
> There are two different Roles/Groups/Users domains in effect: Tomcat's
> and Jetspeed's. Jetspeed has its own JAAS login/logout that is managed
> separately from the global Tomcat configuration (see jetspeed.xml for
> the JAAS Realm definition). Configuration of Tomcat's Realm is only
> necessary for running the manager/admin application to deploy portlet
> webapps.
> 
> I am not sure why your Tomcat security configuration did not control
> access to the Jetspeed application as a whole (I am not an expert there
> to say the least; I've never had to use that, believe it or not).
> 
> To use the portlet security, you'll probably need to configure the
> Jetspeed realm correctly or use the demo logins. Like I said, I am not
> sure portlet security is implemented at this time, YMMV. See the
> populate-userinfo-for-default-psml.sql script.
> 
> For page level security, see the demo psml pages under
> jetspeed/WEB-INF/pages. No document on this stuff yet... it is very new
> and still settling in.
> 
> I will mail a PDF version of the profiling document to you in a few
> minutes.
> 
> Randy
> 
> Marina wrote:
> 
> >Randy,
> >Thanks a lot for your response.
> >
> >I indeed have more specific questions on the security setup in J2.
> >I should note right away that I apologize if these questions are
> >answered in the documentation you mentioned - I was not able to read
> >it as it seems to be in the .sxw format (StarOffice, I think ?). Any
> >idea how to convert them into some other format if I don't have
> >StarOffice readily available?
> >
> >Now to my questions.
> >I'm trying to do a very common thing: require a user to log in when he
> >accesses the portal for the first time, and then show only those
> >portlets that this user is authorized to see, and give him only those
> >access rights to some functionality (buttons, links in the portlets)
> >that he is authorized to do.
> >
> >First off, I was not sure how to limit access to the portal as a whole -
> >usually you do that kind of thing in the web.xml descriptor of the web
> >application. I guess that would be the
> >$TOMCAT_HOME/webapps/jetspeed/WEB-INF/web.xml
> >But then, would not it be overwritten when Jetspeed is redeployed using
> >the Maven build scripts? And what <url-pattern> would I have to specify -
> >/jetspeed/* or something like that?
> >
> >Anyway, I decided to try to protect the main portlet as the first step.
> >In my portlet's web.xml I specified:
> >  <security-constraint>
> >    <web-resource-collection>
> >      <web-resource-name>Secure EventCalendar</web-resource-name>
> >      <url-pattern>/EventsCalendarPortlet/*</url-pattern>
> >      <http-method>GET</http-method>
> >      <http-method>POST</http-method>
> >    </web-resource-collection>
> >    <auth-constraint>
> >      <role-name>dce_admin</role-name>
> >    </auth-constraint>
> >  </security-constraint>
> >  <login-config>
> >    <auth-method>BASIC</auth-method>
> >  </login-config>
> >  <security-role>
> >    <role-name>dce_admin</role-name>
> >  </security-role>
> >
> >and I have a corresponding role defined in the tomcat-users.xml:
> >  <role rolename="dce_admin"/>
> >  <user username="dce_admin" password="some_password" roles="dce_admin"/>
> >
> >Since I could not find any Jetspeed-specific information on specifying
> >security constraints for individual portlets, I just used the Portlet
> >Specification as the guide and added this to the portlet's portlet.xml:
> >
> >    <security-role-ref>
> >        <role-name>dce_admin</role-name>
> >        <role-link>dce_admin</role-link>
> >    </security-role-ref>
> >
> >The EventsCalendarPortlet got deployed into J2 just fine, but it was
> >displayed in the portal without prompting me for any username/password.
> >
> >If you could give me any pointers as to what I'm missing and what the
> >main steps would be to achieve what I'm trying to do, it would be great!
> >
> >Sorry for such a long e-mail,
> >
> >thanks!
> >Marina
> >
> >--- Randy Watler <rw...@finali.com> wrote:
> >
> >  
> >
> >>MP,
> >>
> >>I am more or less responsible for the J2 profiling and security
> >>features.
> >>
> >>There is some documentation in the J2 design-docs under the profiler
> >>directory, (pull from CVS).
> >>
> >>Also the demo configuration for user/user, (username=user,
> >>password=user), uses profiling extensively to customize its view and
> >>security to limit its access to the admin pages/portlets.
> >>
> >>BTW, this functionality is page based, not portlet based. Portlet
> >>security constraints can be specified in the portlet.xml, but I am not
> >>sure if they are 100% implemented at this point.
> >>
> >>Feel free to send more specific J2 questions to the list.
> >>
> >>HTH,
> >>
> >>Randy Watler
> >>
> >>-----Original Message-----
> >>From: M P
> >>To: Jetspeed Users List
> >>Sent: 11/27/04 12:10 PM
> >>Subject: Re: jetspeed-newbie Roles-Groups-Users
> >>
> >>Hi, David,
> >>
> >>The documentation you mentioned is for Jetspeed 1. Is it also true for
> >>Jetspeed2? If not - could you point me to where I could find it for
> >>J2? I looked through all documentation on the J2 home page and Wikis
> >>and could not find anything on how to control access to specific
> >>portlets based on user roles/groups.
> >>
> >>Thank you!
> >>Marina
> >>
> >>--- David Sean Taylor <da...@bluesunrise.com> wrote:
> >>
> >>    
> >>
> >>>Thilina wrote:
> 
=== message truncated ===
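
Added example (not part of the original thread, and not Jetspeed or Tomcat code): a small checker for which requests a web.xml security-constraint covers. It applies two Servlet specification rules that bear on the quoted setup: url-patterns are matched relative to the webapp's context root, and constraints apply only to requests sent directly by the client, not to RequestDispatcher include/forward calls. The context path /EventsCalendarPortlet and the helper names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the message, wrapped in a root element.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure EventCalendar</web-resource-name>
      <url-pattern>/EventsCalendarPortlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>dce_admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _find(elem, name):
    # Compare local names so namespaced and DTD-style descriptors both work.
    return [c for c in elem.iter() if c.tag.rsplit("}", 1)[-1] == name]

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: '/prefix/*', '*.ext', otherwise exact match."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def required_roles(web_xml, context_path, uri, method="GET", dispatch="REQUEST"):
    """Roles demanded for this request; an empty set means it is unprotected.
    Reports every matching constraint; best-match precedence is not modelled."""
    # Constraints cover only requests sent directly by the client, not
    # RequestDispatcher include/forward calls made by another servlet.
    if dispatch != "REQUEST" or not uri.startswith(context_path + "/"):
        return set()
    path = uri[len(context_path):]  # url-patterns are relative to the context root
    roles = set()
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        methods = {m.text.strip() for m in _find(sc, "http-method")}
        if methods and method not in methods:
            continue  # listing methods leaves every other method unconstrained
        if any(pattern_matches(p.text.strip(), path) for p in _find(sc, "url-pattern")):
            roles |= {r.text.strip() for r in _find(sc, "role-name")}
    return roles

CTX = "/EventsCalendarPortlet"  # assumed context path; the message does not state it
FIXED = WEB_XML.replace("/EventsCalendarPortlet/*", "/*")  # context-relative pattern
```

Under that assumption, required_roles(WEB_XML, CTX, "/EventsCalendarPortlet/calendar") returns an empty set, while the same call with FIXED returns {"dce_admin"} for a direct request and an empty set for dispatch="INCLUDE".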



		