Hi all,
I read this from
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/config.html
:<http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/config.html>
- AuthorizationProvider : Configures the policies and instantiates the
SecurityPolicies that are used for enforcing permissions. By default,
Jetspeed 2 does not load any other security policies that may have been
configured. In order to use default policies, set useDefaultPolicy to
true
<bean id="org.apache.jetspeed.security.AuthorizationProvider"
class="org.apache.jetspeed.security.impl.AuthorizationProviderImpl">
<constructor-arg index="0">
<ref bean="org.apache.jetspeed.security.impl.RdbmsPolicy"/>
</constructor-arg>
<!-- Does not use the default policy as a default behavior -->
<constructor-arg index="1"><value>false</value></constructor-arg>
</bean>
Then I follow the instruction to set useDefaultPolicy = true, but it seems
that this is meaningless, because RdbmsPolicy never call
getPermissions(ProtectionDomain domain) in its implies(ProtectionDomain
protectionDomain, Permission permission). RdbmsPolicy create its
PermissionCollection by calling PermissionManager.getPermissions(Collection
principals) directly.
--
thanks,
- Jian Liao
