Hi Frank, Do you mean you see HTTP 403 errors?
The REST APIs, which are used by page navigator and toolbox, for managing page layout (/services/pagelayout/*) or managing pages (/services/pagemanagement/*) have security access checking. So, if the current user does not have proper access rights on the current content page or page node, then the user agent could get HTTP 403 errors on the REST API calls. So, the security checking of these REST APIs follow the existing Jetspeed security constraints or permissions. For example, the following REST APIs check if the current user has the *view* access right on the current content page: - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Get_Content_Page - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Get_Content_Fragment - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Get_Decoration_of_Content_Fragment The following REST APIs check if the current user has the *edit* access right on the current content page: - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Add_Content_Fragment - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Delete_Content_Fragment - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Move_Content_Fragment - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Change_the_portlet_mode_and_window_state_on_Content_Fragment And, all REST APIs to manage pages are allowed only to users having edit access on the target page node. - http://portals.apache.org/jetspeed-2/devguide/guide-rest-api.html#Page_Management_Service Regards, Woonsan ----- Original Message ---- > From: Frank Otto <[email protected]> > To: Jetspeed Users List <[email protected]> > Sent: Fri, May 7, 2010 9:55:21 AM > Subject: Toolbox Portlet: Access Denied. > > Hi, I get the message "Access Denied.", if my user is loggedin. Which > security-constraint is used for toolbox? The same problem I have with > PageNavigator. kind > regards, Frank --------------------------------------------------------------------- To > unsubscribe, e-mail: > ymailto="mailto:[email protected]"; > href="mailto:[email protected]";>[email protected] For > additional commands, e-mail: > ymailto="mailto:[email protected]"; > href="mailto:[email protected]";>[email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
