On Tue, Oct 4, 2011 at 4:50 AM, Ate Douma <a...@douma.nu> wrote:
> On 10/04/2011 01:28 PM, Ate Douma wrote:
>>
>> On 10/04/2011 09:17 AM, David Taylor wrote:
>>>
>>> Ate,
>>>
>>> Why are you adding all of these security-constraints-refs to the pages
>>> if the folder already has the exact same security-constraints-ref? The
>>> security constraint is inherited from the folder and the page
>>> constraints are unnecessary.
>>>
>>>> +<security-constraints>
>>>> +<security-constraints-ref>admin</security-constraints-ref>
>>>> +</security-constraints>
>>>
>> David, you are right: for most of these this actually isn't needed as the
>> inherited folder security constraints already will enforce it.
>>
>> With one exception though: the demo pages for the classic (portal) ui
>> still have everything in one folder (/Administrative) using
>> <security-constraints-ref>manager</security-constraints-ref>
>>
>> Because of that use-case (which I think is a valid and good example, not
>> sure why that was removed from the jetui demo configuration), I had to
>> enforce these constraints on psml page level there.
>> And because it was late I simply applied the same change on every psml
>> reference for these 'locked down' portlets.
>>
>> I can remove these changes where they are redundant, now, but if/when we
>> would add a manager role to the jetui demo similar to the classic demo
>> pages, these extra constraints would be needed.
>>
>> WDYT?
>
> On second thoughts: I think it's actually quite nice we have such different
> demo configurations, the 'classic' one showing both admin and manager access
> usages to the administrative portlets, while the jetui demo showing a much
> more 'tuned' variant with only delegated user security on the devmgr role.
>
> So I think I like to keep it as is, and therefore will remove the redundant
> psml constraints again, except for the 'classic' demo psml which really does
> need them.
>
> Thanks for pointing it out, David!
>

+1
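
Review bot: the added `<security-constraints-ref>admin</security-constraints-ref>` block at page level repeats the constraint that, per the thread, the parent folder already carries, so it changes nothing for access control and leaves a second place to update if the folder's constraint is ever changed. Drop it from pages whose folder has the same ref, and keep a page-level constraint only where the folder's constraint differs, as in the classic demo's /Administrative folder, which uses `manager`.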