Hi, David! I did manage solve this security constraint issue and, as you say, it wasn't necessary to edit "jetspeed-macros.vm". I don't know what I was doing wrong, but I try to do it "step by step" and I solve it. Now I have problems with fragments, but I'm discussing this in a new thread...
Thanks anyway for your time and interest. Regards, Enrique > -----Mensaje original----- > De: David Sean Taylor [mailto:[EMAIL PROTECTED] > Enviado el: viernes, 30 de junio de 2006 22:37 > Para: Jetspeed Users List > Asunto: Re: Questions about displaying tabs and security constraints > > You shouldnt have to edit the jetspeed-macros > From reading your email, Im not sure why your pages are not being > secured properly. Perhaps if you could send the page.security, > folder.metadata, and *.psml files to the list we can review them for you > > Enrique Pérez wrote: > > Hi all, > > > > I want the portal to display some tabs and hide others based on some > > user information. My intention is to hide some tabs if the user does not > > have enough permission. > > > > As I see it, after reading documentation, there are two different > > approaches: > > - configuring some "security constraint" in the "tab-denied.psml" that > > grant access only to specific users/roles/groups. > > - or creating some menu that contains that pages, and subtracting them > > from the default menu "pages" with an "exclude" tag after some kind of > > Velocity check. > > Am I wrong? > > > > I've been trying the first one, but I think I miss something with > > security constraints tags. I've defined some security constraints based > > on user's role in "page.security" file. In addition, I've created a > > "hidden.psml" with a security constraint reference to "admin" (that > > grants all permissions to role admin), so I thought this tab would not > > display 'til some user with role "admin" logs in the system. But what I > > got was the opposite effect: this "hidden" tab displays with guest user, > > and disappears when I log in as "admin/admin" ¿? I don't understand > > [Note: I only have the root folder "web-inf/pages" with the following > > files: "page.security", "folder.metadata", "tab1.psml", "tab2.psml", > > "tab3.psml" and "hidden.psml".] > > Should I modify the macro "IncludeTabsNavigation", and check user > > permissions with Velocity before rendering content? Is it possible to > > retrieve user/server information (like user name, role, permissions... > > or date on server) using a velocity macro and jetspeed api?? I've tried > > this combination: > > In "jetspeed-macros.vm" I've added at the end of > > "defineLayoutObjects" macro: > > #set($user = > > $request.getAttribute("org.apache.jetspeed.security.UserPrincipal")) > > And then in header.vm I've used it to get the user name like > > this: > > #set($username = $user.getName()) > > <div>Username: $!{username}</div> > > But I think $username is always "null" because it displays nothing > > (well, it displays "Username:") > > > > > > In addition, I also tried to apply some security constraint to a > > fragment in "tab1.psml", but the portlet still displays. I've done this: > > <fragment id="xxx" type="portlet" name="yyy"> > > <property layout="TwoColumns" name="row" value="1"/> > > <property layout="TwoColumns" name="column" value="1"/> > > <security-constraints> > > > > <security-constraints-ref>admin</security-constraints-ref> > > </security-constraints> > > </fragment> > > > > > > I'm also trying to use some especial characters (some of the characters > > listed in this page "http://www.w3schools.com/tags/ref_urlencode.asp"; in > > the section "URL-encoding %90 to %ff"), but I'm not able to use them > > inside a psml file. My first attempt was to use html code like &xxxx; > > but & seems to be a special character for psml files. How could I use > > these characters inside psml? > > > > > > Thanks in advance, > > Enrique > > > > > > PS: maybe my questions/doubts are really stupid but I'm new to J2 and > > I'm a little bit lost... =S > > > > > > > -- > David Sean Taylor > Bluesunrise Software > [EMAIL PROTECTED] > [office] +01 707 773-4646 > [mobile] +01 707 529 9194 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
