Marina,
Using the Profiler effectively is more in my court, so let's see if I can
help here.
I think there are three subjects here that need individual attention:
1. you probably do not need to define a new profiling rule... there are some
predefined rules that you can use to achieve role-based profiling,
2. the demo site is just that and you should start with a clean
WEB-INF/pages directory only adding in what you need from the demo site, and
3. the tigris sample decorator is a good starting place, but most everyone
ends up customizing and deploying their own flavor.
So, rather than trying to figure out what you have now, I would like to know
what your objective is. I'll then tell you how I'd solve it using the M1
release version. We can then compare notes and take it from there... ok?
Randy
-----Original Message-----
From: Marina
To: Jetspeed Users List
Sent: 12/30/04 1:26 PM
Subject: Re: How to create a custom profiling rule?
David,
Thanks for the clarification. I did find a way to do
role-based profiling, basically, by restricting access
to specific PSML pages by roles.
I still have a few problems I was not able to solve so
far. The main one is that I still get some elements
from the '/' directory included into my pages, even
though I explicitly specified in my profiling rule
that only elements from a specific directory should be
used. I think I made some stupid mistakes while
creating custom profiling rules...
Here is how I setup my portal's content and created a
new profiling rule using direct SQL (I don't think it
is possible to that through the Admin portlets yet):
1. create new directory for my Portal content:
pages/dce-portal
place into this directory:
dce-main-page.psml
dce-user-page.psml
folder.metadata
2. define new role, 'dce-user-role', and assign it to
the 'dce-user' user
3. define security constraints in the folder.metadata:
'guest' users can view all pages;
users with 'dce-user-role' role can view all pages
<security-constraints>
<security-constraint>
<users>guest</users>
<permissions>view</permissions>
</security-constraint>
<security-constraint>
<roles>dce-user-role</roles>
<permissions>view</permissions>
</security-constraint>
</security-constraints>
4. define security constraints in the
dce-main-page.psml:
<!-- allow all users to view -->
<security-constraints>
<security-constraint>
<users>*</users>
<permissions>view</permissions>
</security-constraint>
</security-constraints>
5. define security constraints in the
dce-user-page.psml:
<!-- allow users with 'dce-user-role' only to view
-->
<security-constraints>
<security-constraint>
<roles>dce-user-role</roles>
<permissions>view</permissions>
</security-constraint>
</security-constraints>
6. create new J2 profiling rule: 'dce-generic' rule:
rule for non-logged in DCE Portal users (by default,
they are all 'guest' users)
insert into PROFILING_RULE values ('dce-generic',
'org.apache.jetspeed.profiler.rules.impl.StandardProfilingRule',
'rule for non-logged in DCE portal users')
insert into RULE_CRITERION values ('100',
'dce-generic', 0, 'hard.coded', 'page',
'/dce-portal/dce-main-page.psml', 0)
7. assign new rule to the 'guest' user
delete from PRINCIPAL_RULE_ASSOC where principal_name
= 'guest'
insert into PRINCIPAL_RULE_ASSOC values ('guest',
'page', 'dce-generic')
insert into PRINCIPAL_RULE_ASSOC values ('guest',
'docset', 'dce-generic')
8. do the same for the 'dce-user' user
The results of all that:
in general , it worked as intended. The
pages/dce-portal/dce-main-page.psml is shown whenever
a 'guest' user accesses it. When a user logs in with a
'dce-user-role' - he also sees the second page (tab),
dce-ser-page.psml.
However, there are a few problems:
1. Empty 'Additional Links' area is shown - even
though there are no *.link files in the
pages/dce-portal/ dir
2. Empty 'Top Pages' area is shown
3. Docsets from the '/' root directory (*.ds files)
are included
I also tried to modify the profiling rule this way:
insert into RULE_CRITERION values ('100',
'dce-generic', 0, 'path', 'path', '/dce-portal', 0)
but it produced the same results.
Any idea how to avoid showing root-level elements and
empty docsets in the portal page?
I checked
decorations\layout\html\tigris\decorator-top.vm and it
seems like it does try not to show, say, 'Additional
Links' label when there are no links
(#if($site.rootLinks) .... ). My guess (without
checking the actual code) would be that it is checking
the links in the '/' directory, always, and then tries
to display links from the real working directory (in
my case - there are none).
Any insight will be greatly appreciated :-)
Marina
--- David Sean Taylor <[EMAIL PROTECTED]> wrote:
>
> On Dec 29, 2004, at 9:25 AM, Marina wrote:
>
> > Randy, thanks a lot for your answer!
> >
> > Do you know if there are plans to implement
> role-based
> > (and group-based) profiling in the future J2
> releases?
> > I would think that role-based profiling is very
> > critical for real applications.
> >
>
> You can setup the default rule to use a role-based
> algorithm, or you
> can assigned users to use a specific role algorithm
> So its not like there isn't role-based profiling in
> the system -- its
> pretty well supported, but not in the manner you are
> suggesting.
>
>
> > With the default global profiling, does it mean
> that
> > the profiling rule assigned to '*' users is used
> > UNLESS a different rule is assigned to specific
> users?
> >
> yes
> take a look at the admin profiling portlet, and the
> user admin portlet
> you can configure all profiling (no need to edit
> the tables) via the
> admin portlets although I admit its a bit difficult
> without any
> documentation
>
> > Or does it apply to all users regardless of other
> > assignments?
> >
> > Thanks,
> > Marina
> >
> > --- Randy Watler <[EMAIL PROTECTED]> wrote:
> >
> >> Marina,
> >>
> >> David is the Profiler Master, so he is much more
> >> qualified to explain its
> >> configuration and inner workings. The source is
> in
> >> components/profiler.
> >>
> >> See comments below...
> >>
> >>> It seems that profiling rules are assigned to
> the
> >>> users based on the user names.
> >>
> >> Yes.
> >>
> >>> At least this is what I
> >>> see in the PRINCIPAL_RULE_ASSOC table - I
> created a
> >>> new user, 'dce_admin', and assigned a 'security'
> >>> profiling rule to it, and the ("dce_admin",
> "page",
> >>> "security") values got inserted into the
> >>> PRINCIPAL_RULE_ASSOC table.
> >>
> >> Just FYI, the locator/rule name "security" has
> >> special meaning in J2... you
> >> might want to pick another name for your custom
> rule
> >> to avoid confusion. The
> >> "security" locator/rule is used when a user has
> an
> >> expired password and must
> >> select a new one. See details in the archives of
> the
> >> dev list.
> >>
> >>> Now my question: how could I assign a profiling
> >> rule
> >>> to a rolename, not a username?
> >>> For example, I might want all users with the
> >>> 'dce_admin_role' role to use the 'security'
> rule.
> >>
> >> We have discussed this, but it is not been
> >> implemented yet. There is a
> >> global default mechanism in place: if you specify
> a
> >> PRINCIPAL_RULE_ASSOC
> >> entry with a username of '*", it will be used for
> >> all users. This feature
> >> may not be implemented in this way in the future,
> >> but there certainly will
> >> be some other way to do the same thing.
> >>
> >> Randy
> >>
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Read only the mail you want - Yahoo! Mail
> SpamGuard.
> > http://promotions.yahoo.com/new_mail
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >
> >
>
> --
> David Sean Taylor
> Bluesunrise Software
> [EMAIL PROTECTED]
> [office] +01 707 773-4646
> [mobile] +01 707 529 9194
>
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
