problem for session- timeout
Hi, I want to modify the duration of my user session so i modified in the TurbineRessources.properties, the pârameter session.timeout to 10800, it seems to work but when i change to an other role, it seems to ignore my changes and stay to default timeout (120, i think). Did i forget to modify an other parameter ? If someone has an idea about my problem, any help will be more than welcome Regards Bertrand - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Thanks, Randy,
I tried adding the new role directly into the HSQL DB
like this:
INSERT INTO SECURITY_PRINCIPAL
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
16:27:12.572','2004-12-15 16:27:12.572');
I ran this sql query directly on the HSQL DB, without
modifying the populate-userinfo-for-default-psml.sql
and rebuilding J2.
After I restarted J2, though, the new role is still
not displayed in the list of available roles in the
Role Management portlet. And asigning this role to a
user through the User Manegement portlet did not
work either.
Is this the only table I have to update
('security_principal') in order to create a new role,
or are there some other related tables that I missed?
Thanks,
Marina
--- Randy Watler [EMAIL PROTECTED] wrote:
Marina,
There you have it, (thanks David).
It is a simple matter to add users, roles, groups,
etc. directly to the
DB in the interim. See one of the following scripts:
CVS - src/sql/populate-userinfo-for-default-psml.sql
CVS - src/sql/db
name/populate-userinfo-for-default-psml.sql
M1 -
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
M1 - jetspeed-database/scripts/sql/DML/db
name/populate-userinfo-for-default-psml.sql
Randy
David Le Strat wrote:
Marina,
Implementation of the role management portlet is
not
complete.
Regards,
David Le Strat.
--- Marina [EMAIL PROTECTED] wrote:
Randy, thanks a lot for your help! I was able to
setup
a basic access control to my portlet's view and
Edit
mode.
I do have more questions on the user management in
J2,
though :)
I've created a new user, dce-admin, using the
Administrative Portlets as 'admin' user. This
worked
fine, and I was able to detect this user through
the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the new
user.
This , unfortunately, did not work. I entered the
new
role name into the corresponding form (Add Role)
of
the Role Management tab, but it was never added
to
the list of the available roles and when I tried
to
assign this role to the new user I've got an error
from J2 complaining that this role does not exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Marina,
If you are doing this manually, you also need to set
up the role hierarchy manager. In SQL terms, this
means something like this:
INSERT INTO PREFS_NODE
VALUES(200,196,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
16:27:12.472','2004-05-22 16:27:12.472');
You can also use the RoleManager to add the role you
want to set up.
Regards,
David.
--- Marina [EMAIL PROTECTED] wrote:
Thanks, Randy,
I tried adding the new role directly into the HSQL
DB
like this:
INSERT INTO SECURITY_PRINCIPAL
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
16:27:12.572','2004-12-15 16:27:12.572');
I ran this sql query directly on the HSQL DB,
without
modifying the populate-userinfo-for-default-psml.sql
and rebuilding J2.
After I restarted J2, though, the new role is still
not displayed in the list of available roles in the
Role Management portlet. And asigning this role to
a
user through the User Manegement portlet did not
work either.
Is this the only table I have to update
('security_principal') in order to create a new
role,
or are there some other related tables that I
missed?
Thanks,
Marina
--- Randy Watler [EMAIL PROTECTED] wrote:
Marina,
There you have it, (thanks David).
It is a simple matter to add users, roles, groups,
etc. directly to the
DB in the interim. See one of the following
scripts:
CVS -
src/sql/populate-userinfo-for-default-psml.sql
CVS - src/sql/db
name/populate-userinfo-for-default-psml.sql
M1 -
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
M1 - jetspeed-database/scripts/sql/DML/db
name/populate-userinfo-for-default-psml.sql
Randy
David Le Strat wrote:
Marina,
Implementation of the role management portlet is
not
complete.
Regards,
David Le Strat.
--- Marina [EMAIL PROTECTED] wrote:
Randy, thanks a lot for your help! I was able to
setup
a basic access control to my portlet's view and
Edit
mode.
I do have more questions on the user management
in
J2,
though :)
I've created a new user, dce-admin, using the
Administrative Portlets as 'admin' user. This
worked
fine, and I was able to detect this user through
the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the new
user.
This , unfortunately, did not work. I entered
the
new
role name into the corresponding form (Add
Role)
of
the Role Management tab, but it was never
added
to
the list of the available roles and when I tried
to
assign this role to the new user I've got an
error
from J2 complaining that this role does not
exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed-1 vs 2
Colin Freas wrote: So, I'm just beginning to evaluate Jetspeed as a candidate for implementing a portal. Lots of questions, as you might expect. Probably the biggest: I'm not sure what the practical implications of using Jetspeed 1 verses 2 are, in either the short term or the long. From what I've read, a major release of Jetspeed 2 is due early in 2005, but, judging by the Jetspeed 1 and 2 branches of the Portals web site, Jetspeed 2 seems, frankly, in a nascent state of development. The notion of which is reinforced by this excellent note by Scott Weaver: http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg11763.html The first Jetspeed-2 release came out two weeks ago: http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg14416.html So, that was late March, now it's mid-Decmeber. Anything fundamentally different from what was outlined there? Are all of those features on track for the release? The release date of early 2005, by the way, I get from this article by Bob Fleischman: http://www.javaworld.com/javaworld/jw-11-2004/jw-1129-jetspeed.html A nice technical piece on Jetspeed 1, but mentions explicitly that the example developed within will not function correctly with J2. My question here would then be: how different would the same example be in J2? Jetspeed-2 requires JSR-168 compatible portlets which don't run on a Jetspeed-1. I recommend that you develop portlets for J2 since they can be deployed to any other Portal that supports JSR-168 portlets And that brings me to a couple of questions related directly to my first point about J1 vs J2. Iis it recommended, at this point, to develop new projects soley using J2? Is it expected that sites using J1 will eventually migrate to J2, or will J1 be supported and developed indefinitely? Thanks for any thoughts. Colin Freas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Yes, it did work!
The original SQL query did not work right away, so I
looked more closely into the DB schema and guessed
that I should be using the '/role' node's node_id as
the 'parent_node_id' (204). That was a lucky guess and
the following query worked fine:
INSERT INTO PREFS_NODE
VALUES(200,204,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
16:27:12.472','2004-05-22 16:27:12.472');
After that, I was able to see the new role,
'dce-admin-role', in the 'Role Management' portlet's
list, and was able to assign this role to a user and
see it detected correctly by
PortletRequest.isUserInRole(dce-admin-role).
Thanks a lot for your help!
Marina
--- David Le Strat [EMAIL PROTECTED] wrote:
Marina,
If you are doing this manually, you also need to set
up the role hierarchy manager. In SQL terms, this
means something like this:
INSERT INTO PREFS_NODE
VALUES(200,196,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
16:27:12.472','2004-05-22 16:27:12.472');
You can also use the RoleManager to add the role you
want to set up.
Regards,
David.
--- Marina [EMAIL PROTECTED] wrote:
Thanks, Randy,
I tried adding the new role directly into the HSQL
DB
like this:
INSERT INTO SECURITY_PRINCIPAL
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
16:27:12.572','2004-12-15 16:27:12.572');
I ran this sql query directly on the HSQL DB,
without
modifying the
populate-userinfo-for-default-psml.sql
and rebuilding J2.
After I restarted J2, though, the new role is
still
not displayed in the list of available roles in
the
Role Management portlet. And asigning this role
to
a
user through the User Manegement portlet did not
work either.
Is this the only table I have to update
('security_principal') in order to create a new
role,
or are there some other related tables that I
missed?
Thanks,
Marina
--- Randy Watler [EMAIL PROTECTED] wrote:
Marina,
There you have it, (thanks David).
It is a simple matter to add users, roles,
groups,
etc. directly to the
DB in the interim. See one of the following
scripts:
CVS -
src/sql/populate-userinfo-for-default-psml.sql
CVS - src/sql/db
name/populate-userinfo-for-default-psml.sql
M1 -
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
M1 - jetspeed-database/scripts/sql/DML/db
name/populate-userinfo-for-default-psml.sql
Randy
David Le Strat wrote:
Marina,
Implementation of the role management portlet
is
not
complete.
Regards,
David Le Strat.
--- Marina [EMAIL PROTECTED] wrote:
Randy, thanks a lot for your help! I was able
to
setup
a basic access control to my portlet's view
and
Edit
mode.
I do have more questions on the user
management
in
J2,
though :)
I've created a new user, dce-admin, using the
Administrative Portlets as 'admin' user.
This
worked
fine, and I was able to detect this user
through
the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the
new
user.
This , unfortunately, did not work. I entered
the
new
role name into the corresponding form (Add
Role)
of
the Role Management tab, but it was never
added
to
the list of the available roles and when I
tried
to
assign this role to the new user I've got an
error
from J2 complaining that this role does not
exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty
viruses.
http://promotions.yahoo.com/new_mail
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced
search.
http://info.mail.yahoo.com/mail_250
-
To unsubscribe, e-mail:
[EMAIL PROTECTED]
=== message truncated ===
__
Do you Yahoo!?
Yahoo! Mail - 250MB free storage. Do more. Manage less.
Re: Jetspeed-1 vs 2
Well, since none of the regular contributors to Jetspeed have fielded this, I'll take a swing. I'm using Jetspeed 1.5 for a project that started in September, and have been quite happy with it. I think your choice between J1 and J2 is based on a couple of things: 1. How important is JSR 168 compliance? If it's important, J2 or J1.6 might be a viable solution. To me, it's not that important since we're developing all of our own portlets. 2. How much do you like being on the bleeding edge? I'm not a huge fan, which is why I went with J1. The documentation for J1 is very good for an open source project. 3. How soon is your project starting? I don't know what the roadmap to J2 looks like, but the longer you can afford to wait, the better J2 will be. (Looks like there's a roadmap here: http://wiki.apache.org/portals/Jetspeed2/RoadMap; doesn't seem to be too up to date.) I also believe (am not sure) that there's going to be a Jetspeed 1.6 release which will be based on J2, but will run Jetspeed 1.5 portlets. Could be wrong though. Good luck. Dan --- Colin Freas [EMAIL PROTECTED] wrote: So, I'm just beginning to evaluate Jetspeed as a candidate for implementing a portal. Lots of questions, as you might expect. Probably the biggest: I'm not sure what the practical implications of using Jetspeed 1 verses 2 are, in either the short term or the long. From what I've read, a major release of Jetspeed 2 is due early in 2005, but, judging by the Jetspeed 1 and 2 branches of the Portals web site, Jetspeed 2 seems, frankly, in a nascent state of development. The notion of which is reinforced by this excellent note by Scott Weaver: http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg11763.html So, that was late March, now it's mid-Decmeber. Anything fundamentally different from what was outlined there? Are all of those features on track for the release? The release date of early 2005, by the way, I get from this article by Bob Fleischman: http://www.javaworld.com/javaworld/jw-11-2004/jw-1129-jetspeed.html A nice technical piece on Jetspeed 1, but mentions explicitly that the example developed within will not function correctly with J2. My question here would then be: how different would the same example be in J2? And that brings me to a couple of questions related directly to my first point about J1 vs J2. Iis it recommended, at this point, to develop new projects soley using J2? Is it expected that sites using J1 will eventually migrate to J2, or will J1 be supported and developed indefinitely? Thanks for any thoughts. Colin Freas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Jetspeed2 M1 security setup
I've been working through this thread. It's very helpful. Thanks to Marina and Randy for providing some good documentation here. As I have worked through this, I have a follow up question... Is there a way in a psml file or in one of the deployment descriptors to require a role before displaying some of the portlets on a page? I want to modify the default page so that only the login portlet is visible until a user logs in. If I make the entire page require a role, then I can't log in to establish my identity. Thanks, Doug -Original Message- From: Marina [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 4:35 PM To: Jetspeed Users List Subject: RE: Jetspeed2 M1 security setup Randy, thanks a lot for your help! I was able to setup a basic access control to my portlet's view and Edit mode. I do have more questions on the user management in J2, though :) I've created a new user, dce-admin, using the Administrative Portlets as 'admin' user. This worked fine, and I was able to detect this user through the PortletResponse.getUserPrincipal(). I've also tried to create a new role, say dce-admin-role, and assign this role to the new user. This , unfortunately, did not work. I entered the new role name into the corresponding form (Add Role) of the Role Management tab, but it was never added to the list of the available roles and when I tried to assign this role to the new user I've got an error from J2 complaining that this role does not exist: *** New Full Path: /role/dce-admin-role failed to add user to role: dce-admin, dce-admin-roleorg.apache.jetspeed.security.SecurityException: The role does not exist. dce-admin-role *** New Full Path: /role/dce-admin-role Any idea why this is not working? Thanks, Marina --- Randy Watler [EMAIL PROTECTED] wrote: Marina, Thanks for using the jetspeed user list! Comments below. Randy -Original Message- From: Marina To: 'Jetspeed Users List ' Sent: 12/6/04 5:06 PM Subject: RE: Jetspeed2 M1 security setup (was: jetspeed-newbie Roles-Groups-Users) Hi, I've successfully built and installed J2 M1 and was looking into the demo applications to figure out how to setup access control for portlets/pages. After checking out some example portlets , like RoleSecurityTest and Login, and their source code, I think I have some idea of how to approach the task but I would like to clarify some topics. First, I'll list my assumptions and then ask questions: 1. tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security file specifies 'Edit'/'View' permissions for the default Portal's page, defined in default-page.psml The /page.security file defines named security constraints that can be referenced here or in individual page, folder meta data, link, or document set documents. The scope of this file is global across the entire site. References take the form of global-security-constraints-ref/, (which appear only in /page.security), or security-constraints-ref/. Thus, this part : security-constraints-def name=admin security-constraint rolesadmin/roles permissionsview, edit/permissions /security-constraint /security-constraints-def means that only a user with the role 'admin' can edit the layout of the page. Yes, since this fragment is referenced in a global-security-constraints-ref/, it applies to all documents in the site. And this fragment: security-constraints-def name=manager security-constraint rolesmanager/roles permissionsview/permissions /security-constraint /security-constraints-def means that a user with the role 'manager' can view the page. Yes, where used with a security-constraints-ref/. However, anybody can view this default page in reality - even before a user logs in. You don't need any special privileges to access http://localhost:8080/jetspeed to see the page. My assumption is that it is because security constraints are overwritten in the pages/folder.metadata file (see below). Is that true? Not exactly. The override is in the default-page.psml itself, (user=*, permission=view). What is the scope of the page.security definitions and where are they used? See above. 2. each folder under /pages directory (including /pages itself) has a folder.metadata file where more security-constraints are defined for that folder. For example, here is pages/folder.metadata: . security-constraints security-constraint rolesuser/roles permissionsview/permissions /security-constraint security-constraints-refmanager/security-constraints-ref /security-constraints This should be commented out in M1. security-constraints security-constraint users*/users permissionsview/permissions /security-constraint /security-constraints /folder And this is why all users can see the default page. (Is that true?)
Re: Jetspeed2 M1 security setup
Randy Watler wrote: Doug, Portlet level security constraints are apparently the responsibility of the portlet writer to implement, so the portal and portlet container will always display the portlet. We just received clarification on this from the pluto mail list: http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261msgNo=2160 One small correction: only the portlet container should not enforce security constraints according to the portlet specification. The portal can, as Randy showed in the example below. Another solution would be to use security constraints on a page, restricting (certain type of) access to only certain users, roles or groups. Furthermore, this should not only be possible on page level but even on (psml) fragment level, but that isn't yet implemented I think (Randy?). If (when) it is, you can simply restrict certain parts of a page to certain users, groups and/or roles. So, one way to achieve what you are after is to use the profiler. When the user is not logged in, they are known as 'guest'. By default, users are profiled using the 'j1' rule. This all boils down to the fact that unauthenticated users can be directed to pages placed in the .../WEB-INF/pages/_user/guest directory. Place your stripped down version of your pages in this 'guest' directory, (without your role security), and then secure all the rest of the pages in your site by role. HTH, Randy Doug Schnelzer wrote: I've been working through this thread. It's very helpful. Thanks to Marina and Randy for providing some good documentation here. As I have worked through this, I have a follow up question... Is there a way in a psml file or in one of the deployment descriptors to require a role before displaying some of the portlets on a page? I want to modify the default page so that only the login portlet is visible until a user logs in. If I make the entire page require a role, then I can't log in to establish my identity. Thanks, Doug -Original Message- From: Marina [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 4:35 PM To: Jetspeed Users List Subject: RE: Jetspeed2 M1 security setup Randy, thanks a lot for your help! I was able to setup a basic access control to my portlet's view and Edit mode. I do have more questions on the user management in J2, though :) I've created a new user, dce-admin, using the Administrative Portlets as 'admin' user. This worked fine, and I was able to detect this user through the PortletResponse.getUserPrincipal(). I've also tried to create a new role, say dce-admin-role, and assign this role to the new user. This , unfortunately, did not work. I entered the new role name into the corresponding form (Add Role) of the Role Management tab, but it was never added to the list of the available roles and when I tried to assign this role to the new user I've got an error from J2 complaining that this role does not exist: *** New Full Path: /role/dce-admin-role failed to add user to role: dce-admin, dce-admin-roleorg.apache.jetspeed.security.SecurityException: The role does not exist. dce-admin-role *** New Full Path: /role/dce-admin-role Any idea why this is not working? Thanks, Marina --- Randy Watler [EMAIL PROTECTED] wrote: Marina, Thanks for using the jetspeed user list! Comments below. Randy -Original Message- From: Marina To: 'Jetspeed Users List ' Sent: 12/6/04 5:06 PM Subject: RE: Jetspeed2 M1 security setup (was: jetspeed-newbie Roles-Groups-Users) Hi, I've successfully built and installed J2 M1 and was looking into the demo applications to figure out how to setup access control for portlets/pages. After checking out some example portlets , like RoleSecurityTest and Login, and their source code, I think I have some idea of how to approach the task but I would like to clarify some topics. First, I'll list my assumptions and then ask questions: 1. tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security file specifies 'Edit'/'View' permissions for the default Portal's page, defined in default-page.psml The /page.security file defines named security constraints that can be referenced here or in individual page, folder meta data, link, or document set documents. The scope of this file is global across the entire site. References take the form of global-security-constraints-ref/, (which appear only in /page.security), or security-constraints-ref/. Thus, this part : security-constraints-def name=admin security-constraint rolesadmin/roles permissionsview, edit/permissions /security-constraint /security-constraints-def means that only a user with the role 'admin' can edit the layout of the page. Yes, since this fragment is referenced in a global-security-constraints-ref/, it applies to all documents in the site. And this fragment: security-constraints-def name=manager security-constraint rolesmanager/roles
Failed to initalize jetspeed ,What's wrong with it?
My environment is : j2sdk1.4.2_06 + Tomcat 5.0.28. Built and deployed successufully, but I get the exception when I open http://localhost:8080/jetspeed. Who can tell me what's wrong? Thanx in advance! exception javax.servlet.ServletException: Failed to initalize jetspeed. org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:206) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:670) org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:637) org.apache.jsp.index_jsp._jspService(index_jsp.java:45) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.Jetspeed.createEngine(Jetspeed.java:76) org.apache.jetspeed.engine.JetspeedServlet.init(JetspeedServlet.java:135) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:216) org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) org.apache.commons.digester.Rule.end(Rule.java:276) org.apache.commons.digester.Digester.endElement(Digester.java:1058) org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.java:76) org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XMLParser.parse(Unknown Source) org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) org.apache.commons.digester.Digester.parse(Digester.java:1567) org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:483) org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:427) org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349) org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) org.apache.catalina.startup.Catalina.start(Catalina.java:556) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) _ Do You Yahoo!? 150MP3 http://music.yisou.com/ http://image.yisou.com 1G1000 http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/mail_1g/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PortletRequest using struts portals bridge
Thank you both very much! I knew it had to be something simple...
These preferences are then stored in one of the Jetspeed 2 tables,
right? Even for Fusion?
-- Jeff
On Tue, 14 Dec 2004 23:22:59 +0100, Ate Douma [EMAIL PROTECTED] wrote:
Ate Douma wrote:
See Portlet Specification Chapter 16: Dispatching Requests to Servlets
and JSP
PLT.16.3.2 Included Request A ttributes
In addition to the request attributes specified in Servlet Specification
2.3, SRV.8.3.1
Section, the included servlet or JSP must have the following request
attributes set:
Request Attribute Type
javax.portlet.configjavax.portlet.PortletConfig
javax.portlet.request javax.portlet.RenderRequest
javax.portlet.response javax.portlet.RenderResponse
Example:
RenderRequest renderRequest =
(RenderRequest)servletRequest.getAttribute(javax.portlet.request);
To add to the above: the Portlet spec only deals with dispatched requests
to Servlets and JSP during the RenderRequest phase. But, using the Struts
Bridge,
Servlets (e.g. Struts) is also dispatched to during the ActionRequest phase.
In the ActionRequest phase, the above example will result in a
ClassCastException.
To prevent that you can use the following generic solution:
PortletRequest portletRequest =
(PortletRequest)servletRequest.getAttribute(javax.portlet.request);
if ( portletRequest instanceof ActionRequest ) {
ActionRequest actionRequest = (ActionRequest)portletRequest;
// do your actionRequest thing
} else {
RenderRequest renderRequest = (RenderRequest)portletRequest;
// do your renderRequest thing
}
Jeff Sheets wrote:
Does anyone know how to get the PortletRequest from inside the struts
execute() method when using the struts portals bridge? I need to
access the PortletPreferences. I tried casting the HttpServletRequest
to a PortletRequest but that didn't work. Is it stored in the session
or elsewhere?
Thank you,
-- Jeff
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Failed to initalize jetspeed ,What's wrong with it?
I get the same error. Tried both MySQL and hypersonic. Initialisation of the database went ok in both cases. Any ideas? /Marty On Wednesday 15 December 2004 11:53, Michael Aemisegger wrote: Did you start the hypersonic db? boo hou wrote: My environment is : j2sdk1.4.2_06 + Tomcat 5.0.28. Built and deployed successufully, but I get the exception when I open http://localhost:8080/jetspeed. Who can tell me what's wrong? Thanx in advance! exception javax.servlet.ServletException: Failed to initalize jetspeed. org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:206 ) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java: 670) org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:63 7) org.apache.jsp.index_jsp._jspService(index_jsp.java:45) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.jav a:324) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.Jetspeed.createEngine(Jetspeed.java:76) org.apache.jetspeed.engine.JetspeedServlet.init(JetspeedServlet.java:135) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java :39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI mpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:21 6) org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) org.apache.commons.digester.Rule.end(Rule.java:276) org.apache.commons.digester.Digester.endElement(Digester.java:1058) org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.jav a:76) org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unkn own Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDisp atcher.dispatch(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknow n Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XMLParser.parse(Unknown Source) org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) org.apache.commons.digester.Digester.parse(Digester.java:1567) org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java: 483) org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:427) org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349 ) org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSup port.java:119) org.apache.catalina.startup.Catalina.start(Catalina.java:556) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java :39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI mpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) _ Do You Yahoo!? 150MP3 http://music.yisou.com/ http://image.yisou.com 1G1000 http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/mai l_1g/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Doug, Portlet level security constraints are apparently the responsibility of the portlet writer to implement, so the portal and portlet container will always display the portlet. We just received clarification on this from the pluto mail list: http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261msgNo=2160 So, one way to achieve what you are after is to use the profiler. When the user is not logged in, they are known as 'guest'. By default, users are profiled using the 'j1' rule. This all boils down to the fact that unauthenticated users can be directed to pages placed in the .../WEB-INF/pages/_user/guest directory. Place your stripped down version of your pages in this 'guest' directory, (without your role security), and then secure all the rest of the pages in your site by role. HTH, Randy Doug Schnelzer wrote: I've been working through this thread. It's very helpful. Thanks to Marina and Randy for providing some good documentation here. As I have worked through this, I have a follow up question... Is there a way in a psml file or in one of the deployment descriptors to require a role before displaying some of the portlets on a page? I want to modify the default page so that only the login portlet is visible until a user logs in. If I make the entire page require a role, then I can't log in to establish my identity. Thanks, Doug -Original Message- From: Marina [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 4:35 PM To: Jetspeed Users List Subject: RE: Jetspeed2 M1 security setup Randy, thanks a lot for your help! I was able to setup a basic access control to my portlet's view and Edit mode. I do have more questions on the user management in J2, though :) I've created a new user, dce-admin, using the Administrative Portlets as 'admin' user. This worked fine, and I was able to detect this user through the PortletResponse.getUserPrincipal(). I've also tried to create a new role, say dce-admin-role, and assign this role to the new user. This , unfortunately, did not work. I entered the new role name into the corresponding form (Add Role) of the Role Management tab, but it was never added to the list of the available roles and when I tried to assign this role to the new user I've got an error from J2 complaining that this role does not exist: *** New Full Path: /role/dce-admin-role failed to add user to role: dce-admin, dce-admin-roleorg.apache.jetspeed.security.SecurityException: The role does not exist. dce-admin-role *** New Full Path: /role/dce-admin-role Any idea why this is not working? Thanks, Marina --- Randy Watler [EMAIL PROTECTED] wrote: Marina, Thanks for using the jetspeed user list! Comments below. Randy -Original Message- From: Marina To: 'Jetspeed Users List ' Sent: 12/6/04 5:06 PM Subject: RE: Jetspeed2 M1 security setup (was: jetspeed-newbie Roles-Groups-Users) Hi, I've successfully built and installed J2 M1 and was looking into the demo applications to figure out how to setup access control for portlets/pages. After checking out some example portlets , like RoleSecurityTest and Login, and their source code, I think I have some idea of how to approach the task but I would like to clarify some topics. First, I'll list my assumptions and then ask questions: 1. tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security file specifies 'Edit'/'View' permissions for the default Portal's page, defined in default-page.psml The /page.security file defines named security constraints that can be referenced here or in individual page, folder meta data, link, or document set documents. The scope of this file is global across the entire site. References take the form of global-security-constraints-ref/, (which appear only in /page.security), or security-constraints-ref/. Thus, this part : security-constraints-def name=admin security-constraint rolesadmin/roles permissionsview, edit/permissions /security-constraint /security-constraints-def means that only a user with the role 'admin' can edit the layout of the page. Yes, since this fragment is referenced in a global-security-constraints-ref/, it applies to all documents in the site. And this fragment: security-constraints-def name=manager security-constraint rolesmanager/roles permissionsview/permissions /security-constraint /security-constraints-def means that a user with the role 'manager' can view the page. Yes, where used with a security-constraints-ref/. However, anybody can view this default page in reality - even before a user logs in. You don't need any special privileges to access http://localhost:8080/jetspeed to see the page. My assumption is that it is because security constraints are overwritten in the pages/folder.metadata file (see below). Is that true? Not exactly. The override is in the
Re: Jetspeed2 M1 security setup
Ate Douma wrote: Randy Watler wrote: Doug, Portlet level security constraints are apparently the responsibility of the portlet writer to implement, so the portal and portlet container will always display the portlet. We just received clarification on this from the pluto mail list: http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261msgNo=2160 One small correction: only the portlet container should not enforce security constraints according to the portlet specification. The portal can, as Randy showed in the example below. Another solution would be to use security constraints on a page, restricting (certain type of) access to only certain users, roles or groups. Just to be clear, I think Doug is trying to control access by role at the page level but wants finer grain control over portlet in the page. This is not available now, so I was proposing he try controlling acess to two different pages with appropriate portlet subsets via the profiler. Furthermore, this should not only be possible on page level but even on (psml) fragment level, but that isn't yet implemented I think (Randy?). This is not implemented in M1. If (when) it is, you can simply restrict certain parts of a page to certain users, groups and/or roles. Well, David and I discussed this just before M1 was released. I actually had it implemented on the fragment level, but we figured that the portlet security constraints would be sufficient/conflicting, so we removed it. However, we did not have the Pluto ruling then. So, we'll have to revist this for M2. I'll add it to my to-do list. So, one way to achieve what you are after is to use the profiler. When the user is not logged in, they are known as 'guest'. By default, users are profiled using the 'j1' rule. This all boils down to the fact that unauthenticated users can be directed to pages placed in the .../WEB-INF/pages/_user/guest directory. Place your stripped down version of your pages in this 'guest' directory, (without your role security), and then secure all the rest of the pages in your site by role. HTH, Randy Doug Schnelzer wrote: I've been working through this thread. It's very helpful. Thanks to Marina and Randy for providing some good documentation here. As I have worked through this, I have a follow up question... Is there a way in a psml file or in one of the deployment descriptors to require a role before displaying some of the portlets on a page? I want to modify the default page so that only the login portlet is visible until a user logs in. If I make the entire page require a role, then I can't log in to establish my identity. Thanks, Doug - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
