Hi, sorry, I'm still struggling with the user management/access control. The documentation from J2's profiler directory helped somewhat but now I have even more questions than before :)
First, I looked at the jetspeed.xml - and I see

--- Randy Watler <[EMAIL PROTECTED]> wrote:

> Marina,
>
> There are two different Roles/Groups/Users domains in effect: Tomcat's
> and Jetspeed's. Jetspeed has its own JAAS login/logout that is managed
> separately from the global Tomcat configuration, (see jetspeed.xml for
> the JAAS Realm definition). Configuration of Tomcat's Realm is only
> necessary for running the manager/admin application to deploy portlet
> webapps.
>
> I am not sure why your Tomcat security configuration did not control
> access to the Jetspeed application as a whole, (I am not an expert there
> to say the least; I've never had to use that believe it or not).
>
> To use the portlet security, you'll probably need to configure the
> Jetspeed realm correctly or use the demo logins. Like I said, I am not
> sure portlet security is implemented at this time, YMMV. See the
> populate-userinfo-for-default-psml.sql script.
>
> For page level security, see the demo psml pages under
> jetspeed/WEB-INF/pages. No document on this stuff yet... it is very new
> and still settling in.
>
> I will mail a PDF version of the profiling document to you in a few
> minutes.
>
> Randy
>
> Marina wrote:
>
> >Randy,
> >Thanks a lot for your response.
> >
> >I indeed have more specific questions on the security setup in J2.
> >I should note right away that I apologize if these questions are
> >answered in the documentation you mentioned - I was not able to read
> >it as it seems to be in the .sxw format (StarOffice, I think?). Any
> >idea how to convert them into some other format if I don't have
> >StarOffice readily available?
> >
> >Now to my questions.
> >I'm trying to do a very common thing: require a user to log in when
> >he accesses the portal for the first time, and then show only those
> >portlets that this user is authorized to see, and give him only those
> >access rights to some functionality (buttons, links in the portlets)
> >that he is authorized to do.
> >
> >First off, I was not sure how to limit access to the portal as a
> >whole - usually you do that kind of thing in the web.xml descriptor of
> >the web application. I guess that would be the
> >$TOMCAT_HOME/webapps/jetspeed/WEB-INF/web.xml
> >But then, would not it be overwritten when Jetspeed is redeployed
> >using the Maven build scripts? And what <url-pattern> would I have to
> >specify - /jetspeed/* or something like that?
> >
> >Anyway, I decided to try to protect the main portlet as the first
> >step. In my portlet's web.xml I specified:
> >  <security-constraint>
> >    <web-resource-collection>
> >      <web-resource-name>Secure EventCalendar</web-resource-name>
> >      <url-pattern>/EventsCalendarPortlet/*</url-pattern>
> >      <http-method>GET</http-method>
> >      <http-method>POST</http-method>
> >    </web-resource-collection>
> >    <auth-constraint>
> >      <role-name>dce_admin</role-name>
> >    </auth-constraint>
> >  </security-constraint>
> >  <login-config>
> >    <auth-method>BASIC</auth-method>
> >  </login-config>
> >  <security-role>
> >    <role-name>dce_admin</role-name>
> >  </security-role>
> >
> >and I have a corresponding role defined in the tomcat-users.xml:
> >  <role rolename="dce_admin"/>
> >  <user username="dce_admin" password="some_password" roles="dce_admin"/>
> >
> >Since I could not find any Jetspeed-specific information on specifying
> >security constraints for individual portlets, I just used the Portlet
> >Specification as the guide and added this to the portlet's portlet.xml:
> >
> >  <security-role-ref>
> >    <role-name>dce_admin</role-name>
> >    <role-link>dce_admin</role-link>
> >  </security-role-ref>
> >
> >The EventsCalendarPortlet got deployed into J2 just fine, but it was
> >displayed in the portal without prompting me for any
> >username/password.
> >
> >If you could give me any pointers as to what I'm missing and what
> >would the main steps be to achieve what I'm trying to do it would be
> >great!
> >
> >Sorry for such a long e-mail,
> >
> >thanks!
> >Marina
> >
> >--- Randy Watler <[EMAIL PROTECTED]> wrote:
> >
> >>MP,
> >>
> >>I am more or less responsible for the J2 profiling and security
> >>features.
> >>
> >>There is some documentation in the J2 design-docs under the profiler
> >>directory, (pull from CVS).
> >>
> >>Also the demo configuration for user/user, (username=user,
> >>password=user), uses profiling extensively to customize its view and
> >>security to limit its access to the admin pages/portlets.
> >>
> >>BTW, this functionality is page based, not portlet based. Portlet
> >>security constraints can be specified in the portlet.xml, but I am
> >>not sure if they are 100% implemented at this point.
> >>
> >>Feel free to send more specific J2 questions to the list.
> >>
> >>HTH,
> >>
> >>Randy Watler
> >>
> >>-----Original Message-----
> >>From: M P
> >>To: Jetspeed Users List
> >>Sent: 11/27/04 12:10 PM
> >>Subject: Re: jetspeed-newbie Roles-Groups-Users
> >>
> >>Hi, David,
> >>
> >>The documentation you mentioned is for Jetspeed 1. Is it also true
> >>for Jetspeed2? If not - could you point me to where I could find it
> >>for J2? I looked through all documentation on the J2 home page and
> >>Wikis and could not find anything on how to control access to
> >>specific portlets based on user roles/groups.
> >>
> >>Thank you!
> >>Marina
> >>
> >>--- David Sean Taylor <[EMAIL PROTECTED]> wrote:
> >>
> >>>Thilina wrote:

=== message truncated ===
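An added example, not part of the original thread and not Jetspeed code: a small Python audit of the web.xml security section quoted in the message above, checking it against the Servlet specification's rules for `<security-constraint>`. The `<web-app>` wrapper, the `audit_web_xml` helper and the context name `EventsCalendarPortlet` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint quoted in the thread inside an assumed <web-app> root (no XML namespace).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure EventCalendar</web-resource-name>
      <url-pattern>/EventsCalendarPortlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>dce_admin</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>dce_admin</role-name></security-role>
</web-app>"""


def audit_web_xml(xml_text, context_name):
    """Return findings for a web.xml; context_name is the webapp's context name (hypothetical parameter)."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {(r.text or "").strip() for r in root.findall("security-role/role-name")}
    auth = root.findtext("login-config/auth-method", "").strip()
    for sc in root.findall("security-constraint"):
        for wrc in sc.findall("web-resource-collection"):
            name = wrc.findtext("web-resource-name", "?").strip()
            for pat in wrc.findall("url-pattern"):
                # Patterns are matched against the path after the context root.
                if (pat.text or "").strip().startswith("/" + context_name + "/"):
                    findings.append(f"{name}: url-pattern repeats the context path")
            methods = [(m.text or "").strip() for m in wrc.findall("http-method")]
            if methods:
                # Listing methods limits the constraint to them; other methods stay open.
                findings.append(f"{name}: only {methods} are constrained")
        for role in sc.findall("auth-constraint/role-name"):
            if (role.text or "").strip() not in declared | {"*"}:
                findings.append(f"role {role.text.strip()} has no <security-role>")
        tg = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if sc.find("auth-constraint") is not None and auth in ("BASIC", "FORM") and tg != "CONFIDENTIAL":
            findings.append(f"{auth} login without CONFIDENTIAL transport guarantee")
    if root.find("security-constraint") is not None and not auth:
        findings.append("security-constraint present but no <login-config>")
    return findings


if __name__ == "__main__":
    # The context name below is an assumption; the thread does not state it.
    for line in audit_web_xml(WEB_XML, "EventsCalendarPortlet"):
        print(line)
```

These checks cover only the descriptor itself; they say nothing about Jetspeed's own JAAS realm or its page-level security, which the thread describes as a separate domain.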