Thanks for replying very much ,Randy >1. Roles and groups are not hierarchical.
Oh, really? I thought the below url page said that the j2 default authorization implemented Hierarchy roles or groups. http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/hierarch y.html And If I register some hierarchical roles or groups with Preference api or something , then I can get answer about authorization api . No? Or Do you mean j2-admin demo doesn't implement it by that. If so , I can create my admin portlets . Otherwise , I got to go to JIRA. >As it is now, the permissions"hierarchy" must be managed explicitly > in the security constraints. Yeah , security constraints with directory structure , I understand. >2. Roles and Groups are parallel symmetric implementations. OK, that is what i thinnk of as well. >3. For data accessibility within the portlet, I'd suggest looking at the >isUserInRole() API that is part of the JSR-168 specification. >In the end, you may have to come up with your own custom strategy. >Please search the user list archives... user/role/group >authorization/authentication is a common and multi-faceted topic! Thanks, I will try and post if I got any update. Masashi -----Original Message----- From: Randy Watler [mailto:[EMAIL PROTECTED] Sent: Saturday, December 24, 2005 12:42 PM To: Jetspeed Users List Subject: Re: Groups and Roles,users and Hierarchy Masashi: I can answer a few of your questions: 1. Roles and groups are not hierarchical. It is an interesting design though, so you might want to enter a JIRA enhancement request for hierarchically arranged roles and groups. As it is now, the permissions "hierarchy" must be managed explicitly in the security constraints. 2. Roles and Groups are parallel symmetric implementations. The general approach is that one is used by the profiler as the primary page selection criteria and the other is uses to fine tune the end result using security. Well, that is how I think of it anyway... :-). 3. For data accessibility within the portlet, I'd suggest looking at the isUserInRole() API that is part of the JSR-168 specification. It works with the J2 roles assigned to users. In the end, you may have to come up with your own custom strategy. Please search the user list archives... user/role/group authorization/authentication is a common and multi-faceted topic! HTH, Randy On Sat, 2005-12-24 at 12:08 -0500, Masahi Nakane wrote: > Hello guys, > > I read around > http://portals.apache.org/jetspeed-2/multiproject/jetspeed-security/index.ht > ml > > But ,difficult for me. Is there any simple code and easy way to understand > about Hierarchy > Management? > > I have jetspeed2 demo site and sources with tomcat 5.0. > > And I have 2 users bob and john. > Bob is boss of john's > > Each user can insert a data into customer list table( my original table) > and the customer data is assigned to the user who inserted. > Say, John and Bob can insert customer data but > Bob can see both of data(John's and Bob's ) but John can see his own only > because of the Hierarchy. Boss can see the staff's data, not vice versa. > > Now , I want to know exactly how to make Hierarchy and make it related to > user > with Jetspeed2 or Jetspeed2 demo. > And I need to get the role infomation by some method of some object when > each user log in > and see the customer list which page is visible for loggedin users. > I think this is not about profiler because the page of customer list is > visible to both users. > This is about just hierachy. I need method something like this > > public boolean isThisDataAvailableForThisUser( User dataowner ,User > loginuser ) > > And What is the difference between groups and roles? > Both can be related to users and can have hierachy right? > > Thanks in Advance. > > Masashi > > **************************************** > Masashi Nakane > Chief Application Engineer > EBPass, Inc. > 55 Broad St., 11th Floor, New York, NY 10004, USA > (Office) 212-487-9070 > (Fax) 212-202-5067 > > [EMAIL PROTECTED] > www.ebpass.com > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
