Enrique, IIRC, Fragment permissions did not make the 2.0 release cutoff. This would explain why they are not working for you. However, they were added to the 2.0.1 stable branch build that several people have successfully been using. So, I think you can use either the 2.0.1 or 2.1-dev/svn HEAD versions to get this behavior to work. Let me know ASAP if this is not the case.
HTH, Randy On Mon, 2006-07-03 at 11:25 +0200, Enrique Perez wrote: > Hi, Randy. > > I'm using Jetspeed2 (version 2.0), built with Maven 1.0.2. But I'm not > sure this would be a J2 bug, it's most likely that I'm doing something > wrong =) > I attach my files in case any of you see something weird. > > Thanks for your help. > > Regards > > > -----Mensaje original----- > > De: Randy Watler [mailto:[EMAIL PROTECTED] > > Enviado el: lunes, 03 de julio de 2006 0:41 > > Para: Jetspeed Users List > > Asunto: RE: Security constraints for fragments > > > > Enrique, > > > > If exceptions are listed first, they should be excluded, (by matching > a > > security-constraint with out a permission). For example: > > > > <security-constraints> > > <security-constraint> > > <users>jetspeed</users> > > </security-constraint> > > </security-constraints> > > > > This should have restricted ONLY the 'jetspeed' user. It appears it is > > not working for you. What version of J2 are you using? I'd like to > know > > before I go digging to find the bug :-). > > > > Randy > > > > On Fri, 2006-06-30 at 12:09 +0200, Enrique Perez wrote: > > > Hi Martin, > > > > > > I've been "playing" a little bit with security constraints in > fragments > > > and what I've grasped is that once you've allowed access to some > > > "principals" to the page (by any means: user list, group list, role > > > list), it is impossible to deny access to any "principal" that is > > > included in the granted access list. Am I wrong? > > > > > > What I was trying to achieve was: excluding specific people to a > portlet > > > that have access granted to the page. That way, some people could > access > > > to some info that others don't in the same tab... > > > > > > Regards, > > > Enrique > > > > > > > > > > > > > -----Mensaje original----- > > > > De: Martin Dulisch [mailto:[EMAIL PROTECTED] > > > > Enviado el: jueves, 29 de junio de 2006 22:19 > > > > Para: Jetspeed Users List > > > > Asunto: Re: Security constraints for fragments > > > > > > > > Hi Enrique, > > > > > > > > try this with users that do not have the manager or admin role. > These > > > > user see everything. This is what I have tested. > > > > > > > > Martin > > > > > > > > > > > > 2006/6/29, Enrique Pérez <[EMAIL PROTECTED]>: > > > > > Hi, > > > > > > > > > > As far as I can understand from documentation > > > > > > > > > (http://portals.apache.org/jetspeed-2/guides/guide-security-declarative- > > > > > psml.html), it's possible to apply some restrictions to > fragments > > > inside > > > > > a "psml page" just by writing a list of security constraints in > the > > > > > fragment definition. > > > > > In order to try this feature, I've made a testing psml page > > > accessible > > > > > just for users with role="manager". Inside it, there is a > portlet > > > whose > > > > > access is supposed to be denied for user "jetspeed" (though user > > > > > "jetspeed" has the manager role): > > > > > > > > > > <page> > > > > > … > > > > > <fragment id="hidd-p-03" type="portlet" > > > > > name="j2-admin::UserDetailsPortlet"> > > > > > <property name="row" value="1"/> > > > > > <property name="column" value="1"/> > > > > > <security-constraints> > > > > > <security-constraint> > > > > > <users>jetspeed</users> > > > > > </security-constraint> > > > > > </security-constraints> > > > > > </fragment> > > > > > … > > > > > <security-constraints> > > > > > > > > > > <security-constraints-ref>level-0b</security-constraints-ref> > > > > > </security-constraints> > > > > > </page> > > > > > > > > > > > > > > > where "level-0b" is defined in "page.security": > > > > > … > > > > > <security-constraints-def name="level-0b"> > > > > > <security-constraint> > > > > > <users>admin</users> > > > > > </security-constraint> > > > > > <security-constraint> > > > > > <roles>manager</roles> > > > > > <permissions>view</permissions> > > > > > </security-constraint> > > > > > </security-constraints-def> > > > > > … > > > > > > > > > > > > > > > Can anyone tell me what I'm doing wrong? Did anyone try this > before? > > > > > > > > > > Thanks in advance, > > > > > Enrique > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
