On 30/03/2011 11:24 PM, robin wrote:
If I configure LDAP security in Jetspeed, do I need to replicate user information into
Jetspeed's database security tables?
2011-03-31
My short answer is yes.
LDAP will deal with authentication but not usually authorization.
Jetspeed needs to know what roles a user has so that it can determine
what pages and what portlets the user gets.
An order entry clerk will not have the same portal functionality as the
VP of Finance even if they both are in the LDAP.
Someone in division A may have a completely different colour scheme and
logo than someone else in division B even if they have the same job
title and both are in the LDAP.
If you want to save some work, the portlets need to be able to ask
Jetspeed what roles a user has in order to know what functions the user
can access and what content the user can see.
You can manage this using your own profiles instead or a combination of
Jetspeed and your own information.
Try to use Jetspeed in a way that avoids duplicate authorization data
which can get out of synch.
Ron
Best Regards
Robin Xie
From: Ron Wheeler
Sent: 2011-03-28 22:58:45
To: jetspeed-user
Cc:
Subject: Re: J2 Security Customization: add organization
On 28/03/2011 4:14 AM, robin wrote:
Hi,
I want to add organization to user management, and to try using user and role
tables created by myself. After searching this topic on Google, I found that I can
reimplement SecurityValve. Any other suggestions? Which interfaces must I
reimplement?
2011-03-28
Best Regards
Robin Xie
We needed to have our own user profile but we kept the Jetspeed user and
role and added the additional information in a user table that used the
same username as a link between the 2 systems.
When we wanted to add/delete/maintain a role on a user, we did this on
the Jetspeed side.
This enabled us to use all the existing Jetspeed functionality that
depends on roles while having our code in control of the maintenance of
roles.
This means no modification of Jetspeed for this purpose.
We do have some custom pipelines and valves to handle SSO from client
portals and to do things like get a privacy consent form displayed and
signed the first time a user logs in.
If you do not use Jetspeed's roles, then you will have lots of things to
do to get the right content and portlets on a page if they depend on
your roles.
You will lose a lot of the value of Jetspeed and end up recreating a lot
of its functionality in your code.
Ron
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]