problem for session- timeout
Hi, I want to modify the duration of my user session so i modified in the TurbineRessources.properties, the pârameter session.timeout to 10800, it seems to work but when i change to an other role, it seems to ignore my changes and stay to default timeout (120, i think). Did i forget to modify an other parameter ? If someone has an idea about my problem, any help will be more than welcome Regards Bertrand - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: "Failed to initalize jetspeed" ,What's wrong with it?
Did you start the hypersonic db? boo hou wrote: > My environment is : j2sdk1.4.2_06 + Tomcat 5.0.28. > Built and deployed successufully, but I get the > exception when I open http://localhost:8080/jetspeed. > Who can tell me what's wrong? Thanx in advance! > > exception > > javax.servlet.ServletException: Failed to initalize > jetspeed. > org.apache.jetspeed.exception.JetspeedException: > Unable to create Engine > > org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:206) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:689) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:670) > > org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:637) > > org.apache.jsp.index_jsp._jspService(index_jsp.java:45) > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > root cause > > org.apache.jetspeed.exception.JetspeedException: > Unable to create Engine > > org.apache.jetspeed.Jetspeed.createEngine(Jetspeed.java:76) > > org.apache.jetspeed.engine.JetspeedServlet.init(JetspeedServlet.java:135) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > java.lang.reflect.Method.invoke(Method.java:324) > > org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:216) > > org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) > org.apache.commons.digester.Rule.end(Rule.java:276) > > org.apache.commons.digester.Digester.endElement(Digester.java:1058) > > org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.java:76) > > org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown > Source) > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown > Source) > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown > Source) > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown > Source) > > org.apache.xerces.parsers.XML11Configuration.parse(Unknown > Source) > > org.apache.xerces.parsers.XML11Configuration.parse(Unknown > Source) > org.apache.xerces.parsers.XMLParser.parse(Unknown > Source) > > org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown > Source) > > org.apache.commons.digester.Digester.parse(Digester.java:1567) > > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:483) > > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:427) > > org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) > > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349) > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) > > org.apache.catalina.startup.Catalina.start(Catalina.java:556) > sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > java.lang.reflect.Method.invoke(Method.java:324) > > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) > > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) > > > _ > Do You Yahoo!? > 150万曲MP3疯狂搜,带您闯入音乐殿堂 > http://music.yisou.com/ > 美女明星应有尽有,搜遍美图、艳图和酷图 > http://image.yisou.com > 1G就是1000兆,雅虎电邮自助扩容! > http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/mail_1g/ > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Thanks, Randy,
I tried adding the new role directly into the HSQL DB
like this:
INSERT INTO SECURITY_PRINCIPAL
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
16:27:12.572','2004-12-15 16:27:12.572');
I ran this sql query directly on the HSQL DB, without
modifying the populate-userinfo-for-default-psml.sql
and rebuilding J2.
After I restarted J2, though, the new role is still
not displayed in the list of available roles in the
"Role Management" portlet. And asigning this role to a
user through the "User Manegement" portlet did not
work either.
Is this the only table I have to update
('security_principal') in order to create a new role,
or are there some other related tables that I missed?
Thanks,
Marina
--- Randy Watler <[EMAIL PROTECTED]> wrote:
> Marina,
>
> There you have it, (thanks David).
>
> It is a simple matter to add users, roles, groups,
> etc. directly to the
> DB in the interim. See one of the following scripts:
>
> CVS - src/sql/populate-userinfo-for-default-psml.sql
> CVS - src/sql/ name>/populate-userinfo-for-default-psml.sql
> M1 -
>
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
> M1 - jetspeed-database/scripts/sql/DML/ name>/populate-userinfo-for-default-psml.sql
>
> Randy
>
> David Le Strat wrote:
>
> >Marina,
> >
> >Implementation of the role management portlet is
> not
> >complete.
> >
> >Regards,
> >
> >David Le Strat.
> >--- Marina <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >>Randy, thanks a lot for your help! I was able to
> >>setup
> >>a basic access control to my portlet's view and
> Edit
> >>mode.
> >>I do have more questions on the user management in
> >>J2,
> >>though :)
> >>
> >>I've created a new user, dce-admin, using the
> >>"Administrative Portlets" as 'admin' user. This
> >>worked
> >>fine, and I was able to detect this user through
> the
> >>PortletResponse.getUserPrincipal().
> >>I've also tried to create a new role, say
> >>dce-admin-role, and assign this role to the new
> >>user.
> >>This , unfortunately, did not work. I entered the
> >>new
> >>role name into the corresponding form ("Add Role")
> >>of
> >>the "Role Management" tab, but it was never added
> to
> >>the list of the available roles and when I tried
> to
> >>assign this role to the new user I've got an error
> >>from J2 complaining that this role does not exist:
> >>
> >>*** New Full Path: /role/dce-admin-role
> >>failed to add user to role: dce-admin,
> >>
> >>
> >>
>
>dce-admin-roleorg.apache.jetspeed.security.SecurityException:
> >
> >
> >>The role does not exist. dce-admin-role
> >>*** New Full Path: /role/dce-admin-role
> >>
> >>
> >>Any idea why this is not working?
> >>
> >>Thanks,
> >>Marina
> >>
> >>
> >>
> >
> >
>
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Marina,
If you are doing this manually, you also need to set
up the role hierarchy manager. In SQL terms, this
means something like this:
INSERT INTO PREFS_NODE
VALUES(200,196,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
16:27:12.472','2004-05-22 16:27:12.472');
You can also use the RoleManager to add the role you
want to set up.
Regards,
David.
--- Marina <[EMAIL PROTECTED]> wrote:
> Thanks, Randy,
>
> I tried adding the new role directly into the HSQL
> DB
> like this:
> INSERT INTO SECURITY_PRINCIPAL
>
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
> 16:27:12.572','2004-12-15 16:27:12.572');
>
> I ran this sql query directly on the HSQL DB,
> without
> modifying the populate-userinfo-for-default-psml.sql
> and rebuilding J2.
>
> After I restarted J2, though, the new role is still
> not displayed in the list of available roles in the
> "Role Management" portlet. And asigning this role to
> a
> user through the "User Manegement" portlet did not
> work either.
>
> Is this the only table I have to update
> ('security_principal') in order to create a new
> role,
> or are there some other related tables that I
> missed?
>
> Thanks,
> Marina
>
> --- Randy Watler <[EMAIL PROTECTED]> wrote:
>
> > Marina,
> >
> > There you have it, (thanks David).
> >
> > It is a simple matter to add users, roles, groups,
> > etc. directly to the
> > DB in the interim. See one of the following
> scripts:
> >
> > CVS -
> src/sql/populate-userinfo-for-default-psml.sql
> > CVS - src/sql/ > name>/populate-userinfo-for-default-psml.sql
> > M1 -
> >
>
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
> > M1 - jetspeed-database/scripts/sql/DML/ > name>/populate-userinfo-for-default-psml.sql
> >
> > Randy
> >
> > David Le Strat wrote:
> >
> > >Marina,
> > >
> > >Implementation of the role management portlet is
> > not
> > >complete.
> > >
> > >Regards,
> > >
> > >David Le Strat.
> > >--- Marina <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > >>Randy, thanks a lot for your help! I was able to
> > >>setup
> > >>a basic access control to my portlet's view and
> > Edit
> > >>mode.
> > >>I do have more questions on the user management
> in
> > >>J2,
> > >>though :)
> > >>
> > >>I've created a new user, dce-admin, using the
> > >>"Administrative Portlets" as 'admin' user. This
> > >>worked
> > >>fine, and I was able to detect this user through
> > the
> > >>PortletResponse.getUserPrincipal().
> > >>I've also tried to create a new role, say
> > >>dce-admin-role, and assign this role to the new
> > >>user.
> > >>This , unfortunately, did not work. I entered
> the
> > >>new
> > >>role name into the corresponding form ("Add
> Role")
> > >>of
> > >>the "Role Management" tab, but it was never
> added
> > to
> > >>the list of the available roles and when I tried
> > to
> > >>assign this role to the new user I've got an
> error
> > >>from J2 complaining that this role does not
> exist:
> > >>
> > >>*** New Full Path: /role/dce-admin-role
> > >>failed to add user to role: dce-admin,
> > >>
> > >>
> > >>
> >
>
>dce-admin-roleorg.apache.jetspeed.security.SecurityException:
> > >
> > >
> > >>The role does not exist. dce-admin-role
> > >>*** New Full Path: /role/dce-admin-role
> > >>
> > >>
> > >>Any idea why this is not working?
> > >>
> > >>Thanks,
> > >>Marina
> > >>
> > >>
> > >>
> > >
> > >
> >
> >
>
-
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> >
> >
>
>
>
>
> __
> Do you Yahoo!?
> Yahoo! Mail - Helps protect you from nasty viruses.
> http://promotions.yahoo.com/new_mail
>
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed-1 vs 2
Colin Freas wrote: So, I'm just beginning to evaluate Jetspeed as a candidate for implementing a portal. Lots of questions, as you might expect. Probably the biggest: I'm not sure what the practical implications of using Jetspeed 1 verses 2 are, in either the short term or the long. From what I've read, a major release of Jetspeed 2 is due early in 2005, but, judging by the Jetspeed 1 and 2 branches of the Portals web site, Jetspeed 2 seems, frankly, in a nascent state of development. The notion of which is reinforced by this excellent note by Scott Weaver: http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg11763.html The first Jetspeed-2 release came out two weeks ago: http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg14416.html So, that was late March, now it's mid-Decmeber. Anything fundamentally different from what was outlined there? Are all of those features on track for the release? The release date of "early 2005", by the way, I get from this article by Bob Fleischman: http://www.javaworld.com/javaworld/jw-11-2004/jw-1129-jetspeed.html A nice technical piece on Jetspeed 1, but mentions explicitly that the example developed within will not function correctly with J2. My question here would then be: how different would the same example be in J2? Jetspeed-2 requires JSR-168 compatible portlets which don't run on a Jetspeed-1. I recommend that you develop portlets for J2 since they can be deployed to any other Portal that supports JSR-168 portlets And that brings me to a couple of questions related directly to my first point about J1 vs J2. Iis it recommended, at this point, to develop new projects soley using J2? Is it expected that sites using J1 will eventually migrate to J2, or will J1 be supported and developed indefinitely? Thanks for any thoughts. Colin Freas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jetspeed2 M1 security setup
Yes, it did work!
The original SQL query did not work right away, so I
looked more closely into the DB schema and guessed
that I should be using the '/role' node's node_id as
the 'parent_node_id' (204). That was a lucky guess and
the following query worked fine:
INSERT INTO PREFS_NODE
VALUES(200,204,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
16:27:12.472','2004-05-22 16:27:12.472');
After that, I was able to see the new role,
'dce-admin-role', in the 'Role Management' portlet's
list, and was able to assign this role to a user and
see it detected correctly by
PortletRequest.isUserInRole("dce-admin-role").
Thanks a lot for your help!
Marina
--- David Le Strat <[EMAIL PROTECTED]> wrote:
> Marina,
>
> If you are doing this manually, you also need to set
> up the role hierarchy manager. In SQL terms, this
> means something like this:
>
> INSERT INTO PREFS_NODE
>
VALUES(200,196,'dce-admin-role',0,'/role/dce-admin-role','2004-05-22
> 16:27:12.472','2004-05-22 16:27:12.472');
>
> You can also use the RoleManager to add the role you
> want to set up.
>
> Regards,
>
> David.
>
> --- Marina <[EMAIL PROTECTED]> wrote:
>
> > Thanks, Randy,
> >
> > I tried adding the new role directly into the HSQL
> > DB
> > like this:
> > INSERT INTO SECURITY_PRINCIPAL
> >
>
VALUES(15,'org.apache.jetspeed.security.JetspeedRolePrincipalImpl',0,1,'/role/dce-admin-role','2004-12-15
> > 16:27:12.572','2004-12-15 16:27:12.572');
> >
> > I ran this sql query directly on the HSQL DB,
> > without
> > modifying the
> populate-userinfo-for-default-psml.sql
> > and rebuilding J2.
> >
> > After I restarted J2, though, the new role is
> still
> > not displayed in the list of available roles in
> the
> > "Role Management" portlet. And asigning this role
> to
> > a
> > user through the "User Manegement" portlet did not
> > work either.
> >
> > Is this the only table I have to update
> > ('security_principal') in order to create a new
> > role,
> > or are there some other related tables that I
> > missed?
> >
> > Thanks,
> > Marina
> >
> > --- Randy Watler <[EMAIL PROTECTED]> wrote:
> >
> > > Marina,
> > >
> > > There you have it, (thanks David).
> > >
> > > It is a simple matter to add users, roles,
> groups,
> > > etc. directly to the
> > > DB in the interim. See one of the following
> > scripts:
> > >
> > > CVS -
> > src/sql/populate-userinfo-for-default-psml.sql
> > > CVS - src/sql/ > > name>/populate-userinfo-for-default-psml.sql
> > > M1 -
> > >
> >
>
jetspeed-database/scripts/sql/DML/populate-userinfo-for-default-psml.sql
> > > M1 - jetspeed-database/scripts/sql/DML/ > > name>/populate-userinfo-for-default-psml.sql
> > >
> > > Randy
> > >
> > > David Le Strat wrote:
> > >
> > > >Marina,
> > > >
> > > >Implementation of the role management portlet
> is
> > > not
> > > >complete.
> > > >
> > > >Regards,
> > > >
> > > >David Le Strat.
> > > >--- Marina <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > >
> > > >>Randy, thanks a lot for your help! I was able
> to
> > > >>setup
> > > >>a basic access control to my portlet's view
> and
> > > Edit
> > > >>mode.
> > > >>I do have more questions on the user
> management
> > in
> > > >>J2,
> > > >>though :)
> > > >>
> > > >>I've created a new user, dce-admin, using the
> > > >>"Administrative Portlets" as 'admin' user.
> This
> > > >>worked
> > > >>fine, and I was able to detect this user
> through
> > > the
> > > >>PortletResponse.getUserPrincipal().
> > > >>I've also tried to create a new role, say
> > > >>dce-admin-role, and assign this role to the
> new
> > > >>user.
> > > >>This , unfortunately, did not work. I entered
> > the
> > > >>new
> > > >>role name into the corresponding form ("Add
> > Role")
> > > >>of
> > > >>the "Role Management" tab, but it was never
> > added
> > > to
> > > >>the list of the available roles and when I
> tried
> > > to
> > > >>assign this role to the new user I've got an
> > error
> > > >>from J2 complaining that this role does not
> > exist:
> > > >>
> > > >>*** New Full Path: /role/dce-admin-role
> > > >>failed to add user to role: dce-admin,
> > > >>
> > > >>
> > > >>
> > >
> >
>
>dce-admin-roleorg.apache.jetspeed.security.SecurityException:
> > > >
> > > >
> > > >>The role does not exist. dce-admin-role
> > > >>*** New Full Path: /role/dce-admin-role
> > > >>
> > > >>
> > > >>Any idea why this is not working?
> > > >>
> > > >>Thanks,
> > > >>Marina
> > > >>
> > > >>
> > > >>
> > > >
> > > >
> > >
> > >
> >
>
-
> > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> >
> >
> >
> > __
> > Do you Yahoo!?
> > Yahoo! Mail - Helps protect you from nasty
> viruses.
> > http://promotions.yahoo.com/new_mail
> >
> >
>
-
> > To unsubscribe, e-mail:
>
Re: Jetspeed-1 vs 2
Well, since none of the regular contributors to Jetspeed have fielded this, I'll take a swing. I'm using Jetspeed 1.5 for a project that started in September, and have been quite happy with it. I think your choice between J1 and J2 is based on a couple of things: 1. How important is JSR 168 compliance? If it's important, J2 or J1.6 might be a viable solution. To me, it's not that important since we're developing all of our own portlets. 2. How much do you like being on the bleeding edge? I'm not a huge fan, which is why I went with J1. The documentation for J1 is very good for an open source project. 3. How soon is your project starting? I don't know what the roadmap to J2 looks like, but the longer you can afford to wait, the better J2 will be. (Looks like there's a roadmap here: http://wiki.apache.org/portals/Jetspeed2/RoadMap; doesn't seem to be too up to date.) I also believe (am not sure) that there's going to be a Jetspeed 1.6 release which will be based on J2, but will run Jetspeed 1.5 portlets. Could be wrong though. Good luck. Dan --- Colin Freas <[EMAIL PROTECTED]> wrote: > > So, I'm just beginning to evaluate Jetspeed as a candidate for > implementing a portal. Lots of questions, as you might expect. > Probably the biggest: I'm not sure what the practical implications of > > using Jetspeed 1 verses 2 are, in either the short term or the long. > > From what I've read, a major release of Jetspeed 2 is due early in > 2005, but, judging by the Jetspeed 1 and 2 branches of the Portals > web > site, Jetspeed 2 seems, frankly, in a nascent state of development. > The > notion of which is reinforced by this excellent note by Scott Weaver: > http://www.mail-archive.com/jetspeed-user@jakarta.apache.org/msg11763.html > > So, that was late March, now it's mid-Decmeber. Anything > fundamentally > different from what was outlined there? Are all of those features on > > track for the release? > > The release date of "early 2005", by the way, I get from this article > by > Bob Fleischman: > http://www.javaworld.com/javaworld/jw-11-2004/jw-1129-jetspeed.html > > A nice technical piece on Jetspeed 1, but mentions explicitly that > the > example developed within will not function correctly with J2. My > question here would then be: how different would the same example be > in J2? > > And that brings me to a couple of questions related directly to my > first > point about J1 vs J2. Iis it recommended, at this point, to develop > new > projects soley using J2? Is it expected that sites using J1 will > eventually migrate to J2, or will J1 be supported and developed > indefinitely? > > Thanks for any thoughts. > > Colin Freas > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Jetspeed2 M1 security setup
I've been working through this thread. It's very helpful. Thanks to Marina
and Randy for providing some good documentation here. As I have worked
through this, I have a follow up question...
Is there a way in a psml file or in one of the deployment descriptors to
require a role before displaying "some" of the portlets on a page? I want
to modify the default page so that only the login portlet is visible until a
user logs in. If I make the entire page require a role, then I can't log in
to establish my identity.
Thanks, Doug
-Original Message-
From: Marina [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 4:35 PM
To: Jetspeed Users List
Subject: RE: Jetspeed2 M1 security setup
Randy, thanks a lot for your help! I was able to setup
a basic access control to my portlet's view and Edit
mode.
I do have more questions on the user management in J2,
though :)
I've created a new user, dce-admin, using the
"Administrative Portlets" as 'admin' user. This worked
fine, and I was able to detect this user through the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the new user.
This , unfortunately, did not work. I entered the new
role name into the corresponding form ("Add Role") of
the "Role Management" tab, but it was never added to
the list of the available roles and when I tried to
assign this role to the new user I've got an error
from J2 complaining that this role does not exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
--- Randy Watler <[EMAIL PROTECTED]> wrote:
> Marina,
>
> Thanks for using the jetspeed user list!
>
> Comments below.
>
> Randy
>
> >-Original Message-
> >From: Marina
> >To: 'Jetspeed Users List '
> >Sent: 12/6/04 5:06 PM
> >Subject: RE: Jetspeed2 M1 security setup (was:
> jetspeed-newbie
> Roles-Groups-Users)>
> >
> >Hi,
> >
> > I've successfully built and installed J2 M1 and
> was
> >looking into the demo applications to figure out
> how
> >to setup access control for portlets/pages.
> >After checking out some example portlets , like
> >RoleSecurityTest and Login, and their source code,
> I
> >think I have some idea of how to approach the task
> but
> >I would like to clarify some topics.
> >
> >First, I'll list my assumptions and then ask
> >questions:
> >
> >1.
>
>tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security
> > file specifies 'Edit'/'View' permissions for the
> >default Portal's page, defined in default-page.psml
>
> The /page.security file defines named security
> constraints that can be
> referenced here or in individual page, folder meta
> data, link, or document
> set documents. The scope of this file is global
> across the entire site.
> References take the form of
> , (which
> appear only in /page.security), or
> .
>
> >Thus, this part :
> >
> >
> > admin
> > view, edit
> >
> >
> >means that only a user with the role 'admin' can
> edit
> >the layout of the page.
>
> Yes, since this fragment is referenced in a
> , it applies to
> all documents in the site.
>
> >And this fragment:
> >
> >
> > manager
> > view
> >
> >
> >means that a user with the role 'manager' can view
> the
> >page.
>
> Yes, where used with a .
>
> >However, anybody can view this default page in
> reality
> >- even before a user logs in. You don't need any
> >special privileges to access
> >http://localhost:8080/jetspeed to see the page.
> >My assumption is that it is because security
> >constraints are "overwritten" in the
> >pages/folder.metadata file (see below).
> >Is that true?
>
> Not exactly. The override is in the
> default-page.psml itself, (user=*,
> permission=view).
>
> >What is the scope of the page.security definitions
> and
> >where are they used?
>
> See above.
>
> >2. each folder under /pages directory (including
> >/pages itself) has a folder.metadata file where
> more
> > are defined for that folder.
> >For example, here is pages/folder.metadata:
> >.
> >
> >
> > user
> > view
> >
> >
>
>manager
> >
>
> This should be commented out in M1.
>
> >
> >
> >
> > *
> > view
> >
> >
> >
> >And this is why all users can see the default page.
> >(Is that true?)
>
> It would be the case if default-page.psml did not
> override on its own. To be
> exact, this allows all users to view the folder and
> any content within it
> that does not specify its own security constraints.
> In effect, this is the
> site default for global pages because it is defined
> at the root leve.
>
> >On the other hand, here is
> >pages\Administrative\folder.metadata :
> >
> > Jetspeed Administrative Portlets
> >
> >
>
>manager
> >
> >
> >
> >This
Re: Jetspeed2 M1 security setup
Randy Watler wrote:
Doug,
Portlet level security constraints are apparently the responsibility of
the portlet writer to implement, so the portal and portlet container
will always display the portlet. We just received clarification on this
from the pluto mail list:
http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261&msgNo=2160
One small correction: only the portlet container should not
enforce security constraints according to the portlet specification.
The portal can, as Randy showed in the example below.
Another solution would be to use security constraints on a page, restricting
(certain type of) access to only certain users, roles or groups.
Furthermore, this should not only be possible on page level but even on
(psml) fragment level, but that isn't yet implemented I think (Randy?).
If (when) it is, you can simply restrict certain parts of a page to certain
users, groups and/or roles.
So, one way to achieve what you are after is to use the profiler. When
the user is not logged in, they are known as 'guest'. By default, users
are profiled using the 'j1' rule. This all boils down to the fact that
unauthenticated users can be directed to pages placed in the
".../WEB-INF/pages/_user/guest" directory. Place your stripped down
version of your pages in this 'guest' directory, (without your role
security), and then secure all the rest of the pages in your site by role.
HTH,
Randy
Doug Schnelzer wrote:
I've been working through this thread. It's very helpful. Thanks to
Marina
and Randy for providing some good documentation here. As I have worked
through this, I have a follow up question...
Is there a way in a psml file or in one of the deployment descriptors to
require a role before displaying "some" of the portlets on a page? I
want
to modify the default page so that only the login portlet is visible
until a
user logs in. If I make the entire page require a role, then I can't
log in
to establish my identity.
Thanks, Doug
-Original Message-
From: Marina [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004
4:35 PM
To: Jetspeed Users List
Subject: RE: Jetspeed2 M1 security setup
Randy, thanks a lot for your help! I was able to setup
a basic access control to my portlet's view and Edit
mode.
I do have more questions on the user management in J2,
though :)
I've created a new user, dce-admin, using the
"Administrative Portlets" as 'admin' user. This worked
fine, and I was able to detect this user through the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the new user.
This , unfortunately, did not work. I entered the new
role name into the corresponding form ("Add Role") of
the "Role Management" tab, but it was never added to
the list of the available roles and when I tried to
assign this role to the new user I've got an error
from J2 complaining that this role does not exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
--- Randy Watler <[EMAIL PROTECTED]> wrote:
Marina,
Thanks for using the jetspeed user list!
Comments below.
Randy
-Original Message-
From: Marina
To: 'Jetspeed Users List '
Sent: 12/6/04 5:06 PM
Subject: RE: Jetspeed2 M1 security setup (was:
jetspeed-newbie
Roles-Groups-Users)>
Hi,
I've successfully built and installed J2 M1 and
was
looking into the demo applications to figure out
how
to setup access control for portlets/pages.
After checking out some example portlets , like
RoleSecurityTest and Login, and their source code,
I
think I have some idea of how to approach the task
but
I would like to clarify some topics.
First, I'll list my assumptions and then ask
questions:
1.
tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security
file specifies 'Edit'/'View' permissions for the
default Portal's page, defined in default-page.psml
The /page.security file defines named security
constraints that can be
referenced here or in individual page, folder meta
data, link, or document
set documents. The scope of this file is global
across the entire site.
References take the form of
, (which
appear only in /page.security), or
.
Thus, this part :
admin
view, edit
means that only a user with the role 'admin' can
edit
the layout of the page.
Yes, since this fragment is referenced in a
, it applies to
all documents in the site.
And this fragment:
manager
view
means that a user with the role 'manager' can view
the
page.
Yes, where used with a .
However, anybody can view this default page in
reality
- even before a user logs in. You don't need any
special privileges to access
http://localhost:8080/jetspeed to see the
"Failed to initalize jetspeed" ,What's wrong with it?
My environment is : j2sdk1.4.2_06 + Tomcat 5.0.28. Built and deployed successufully, but I get the exception when I open http://localhost:8080/jetspeed. Who can tell me what's wrong? Thanx in advance! exception javax.servlet.ServletException: Failed to initalize jetspeed. org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:206) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:670) org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:637) org.apache.jsp.index_jsp._jspService(index_jsp.java:45) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jetspeed.exception.JetspeedException: Unable to create Engine org.apache.jetspeed.Jetspeed.createEngine(Jetspeed.java:76) org.apache.jetspeed.engine.JetspeedServlet.init(JetspeedServlet.java:135) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:216) org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) org.apache.commons.digester.Rule.end(Rule.java:276) org.apache.commons.digester.Digester.endElement(Digester.java:1058) org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.java:76) org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) org.apache.xerces.parsers.XMLParser.parse(Unknown Source) org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) org.apache.commons.digester.Digester.parse(Digester.java:1567) org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:483) org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:427) org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349) org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) org.apache.catalina.startup.Catalina.start(Catalina.java:556) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) _ Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 http://music.yisou.com/ 美女明星应有尽有,搜遍美图、艳图和酷图 http://image.yisou.com 1G就是1000兆,雅虎电邮自助扩容! http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/mail_1g/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PortletRequest using struts portals bridge
Thank you both very much! I knew it had to be something simple...
These preferences are then stored in one of the Jetspeed 2 tables,
right? Even for Fusion?
-- Jeff
On Tue, 14 Dec 2004 23:22:59 +0100, Ate Douma <[EMAIL PROTECTED]> wrote:
>
>
> Ate Douma wrote:
> > See Portlet Specification Chapter 16: Dispatching Requests to Servlets
> > and JSP
> >
> > PLT.16.3.2 Included Request A ttributes
> > In addition to the request attributes specified in Servlet Specification
> > 2.3, SRV.8.3.1
> > Section, the included servlet or JSP must have the following request
> > attributes set:
> > Request Attribute Type
> > javax.portlet.configjavax.portlet.PortletConfig
> > javax.portlet.request javax.portlet.RenderRequest
> > javax.portlet.response javax.portlet.RenderResponse
> >
> > Example:
> > RenderRequest renderRequest =
> > (RenderRequest)servletRequest.getAttribute("javax.portlet.request");
>
> To add to the above: the Portlet spec only deals with dispatched requests
> to Servlets and JSP during the RenderRequest phase. But, using the Struts
> Bridge,
> Servlets (e.g. Struts) is also dispatched to during the ActionRequest phase.
>
> In the ActionRequest phase, the above example will result in a
> ClassCastException.
> To prevent that you can use the following generic solution:
>
>PortletRequest portletRequest =
> (PortletRequest)servletRequest.getAttribute("javax.portlet.request");
>if ( portletRequest instanceof ActionRequest ) {
> ActionRequest actionRequest = (ActionRequest)portletRequest;
> // do your actionRequest thing
>} else {
> RenderRequest renderRequest = (RenderRequest)portletRequest;
> // do your renderRequest thing
>}
>
> >
> > Jeff Sheets wrote:
> >
> >> Does anyone know how to get the PortletRequest from inside the struts
> >> execute() method when using the struts portals bridge? I need to
> >> access the PortletPreferences. I tried casting the HttpServletRequest
> >> to a PortletRequest but that didn't work. Is it stored in the session
> >> or elsewhere?
> >>
> >> Thank you,
> >> -- Jeff
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >> .
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: "Failed to initalize jetspeed" ,What's wrong with it?
I get the same error. Tried both MySQL and hypersonic. Initialisation of the database went ok in both cases. Any ideas? /Marty On Wednesday 15 December 2004 11:53, Michael Aemisegger wrote: > Did you start the hypersonic db? > > boo hou wrote: > > My environment is : j2sdk1.4.2_06 + Tomcat 5.0.28. > > Built and deployed successufully, but I get the > > exception when I open http://localhost:8080/jetspeed. > > Who can tell me what's wrong? Thanx in advance! > > > > exception > > > > javax.servlet.ServletException: Failed to initalize > > jetspeed. > > org.apache.jetspeed.exception.JetspeedException: > > Unable to create Engine > > > > org.apache.jetspeed.engine.JetspeedServlet.doGet(JetspeedServlet.java:206 > >) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:689) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > > > org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java: > >670) > > > > org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:63 > >7) > > > > org.apache.jsp.index_jsp._jspService(index_jsp.java:45) > > > > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > > > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.jav > >a:324) > > > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) > > > > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) > > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > > > > root cause > > > > org.apache.jetspeed.exception.JetspeedException: > > Unable to create Engine > > > > org.apache.jetspeed.Jetspeed.createEngine(Jetspeed.java:76) > > > > org.apache.jetspeed.engine.JetspeedServlet.init(JetspeedServlet.java:135) > > sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > Method) > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java > >:39) > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI > >mpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) > > > > org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:21 > >6) > > > > org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) > > org.apache.commons.digester.Rule.end(Rule.java:276) > > > > org.apache.commons.digester.Digester.endElement(Digester.java:1058) > > > > org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.jav > >a:76) > > > > org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown > > Source) > > > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unkn > >own Source) > > > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDisp > >atcher.dispatch(Unknown Source) > > > > org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknow > >n Source) > > > > org.apache.xerces.parsers.XML11Configuration.parse(Unknown > > Source) > > > > org.apache.xerces.parsers.XML11Configuration.parse(Unknown > > Source) > > org.apache.xerces.parsers.XMLParser.parse(Unknown > > Source) > > > > org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown > > Source) > > > > org.apache.commons.digester.Digester.parse(Digester.java:1567) > > > > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java: > >483) > > > > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:427) > > > > org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) > > > > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349 > >) > > > > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSup > >port.java:119) > > > > org.apache.catalina.startup.Catalina.start(Catalina.java:556) > > sun.reflect.NativeMethodAccessorImpl.invoke0(Native > > Method) > > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java > >:39) > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorI > >mpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) > > > > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) > > > > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) > > > > > > _ > > Do You Yahoo!? > > 150万曲MP3疯狂搜,带您闯入音乐殿堂 > > http://music.yisou.com/ > > 美女明星应有尽有,搜遍美图、艳图和酷图 > > http://image.yisou.com > > 1G就是1000兆,雅虎电邮自助扩容! > > http://cn.rd.yahoo.com/mail_cn/tag/1g/*http://cn.mail.yahoo.com/event/mai > >l_1g/ > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PR
Re: Jetspeed2 M1 security setup
Doug,
Portlet level security constraints are apparently the responsibility of
the portlet writer to implement, so the portal and portlet container
will always display the portlet. We just received clarification on this
from the pluto mail list:
http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261&msgNo=2160
So, one way to achieve what you are after is to use the profiler. When
the user is not logged in, they are known as 'guest'. By default, users
are profiled using the 'j1' rule. This all boils down to the fact that
unauthenticated users can be directed to pages placed in the
".../WEB-INF/pages/_user/guest" directory. Place your stripped down
version of your pages in this 'guest' directory, (without your role
security), and then secure all the rest of the pages in your site by role.
HTH,
Randy
Doug Schnelzer wrote:
I've been working through this thread. It's very helpful. Thanks to Marina
and Randy for providing some good documentation here. As I have worked
through this, I have a follow up question...
Is there a way in a psml file or in one of the deployment descriptors to
require a role before displaying "some" of the portlets on a page? I want
to modify the default page so that only the login portlet is visible until a
user logs in. If I make the entire page require a role, then I can't log in
to establish my identity.
Thanks, Doug
-Original Message-
From: Marina [mailto:[EMAIL PROTECTED]
Sent: Monday, December 13, 2004 4:35 PM
To: Jetspeed Users List
Subject: RE: Jetspeed2 M1 security setup
Randy, thanks a lot for your help! I was able to setup
a basic access control to my portlet's view and Edit
mode.
I do have more questions on the user management in J2,
though :)
I've created a new user, dce-admin, using the
"Administrative Portlets" as 'admin' user. This worked
fine, and I was able to detect this user through the
PortletResponse.getUserPrincipal().
I've also tried to create a new role, say
dce-admin-role, and assign this role to the new user.
This , unfortunately, did not work. I entered the new
role name into the corresponding form ("Add Role") of
the "Role Management" tab, but it was never added to
the list of the available roles and when I tried to
assign this role to the new user I've got an error
from J2 complaining that this role does not exist:
*** New Full Path: /role/dce-admin-role
failed to add user to role: dce-admin,
dce-admin-roleorg.apache.jetspeed.security.SecurityException:
The role does not exist. dce-admin-role
*** New Full Path: /role/dce-admin-role
Any idea why this is not working?
Thanks,
Marina
--- Randy Watler <[EMAIL PROTECTED]> wrote:
Marina,
Thanks for using the jetspeed user list!
Comments below.
Randy
-Original Message-
From: Marina
To: 'Jetspeed Users List '
Sent: 12/6/04 5:06 PM
Subject: RE: Jetspeed2 M1 security setup (was:
jetspeed-newbie
Roles-Groups-Users)>
Hi,
I've successfully built and installed J2 M1 and
was
looking into the demo applications to figure out
how
to setup access control for portlets/pages.
After checking out some example portlets , like
RoleSecurityTest and Login, and their source code,
I
think I have some idea of how to approach the task
but
I would like to clarify some topics.
First, I'll list my assumptions and then ask
questions:
1.
tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security
file specifies 'Edit'/'View' permissions for the
default Portal's page, defined in default-page.psml
The /page.security file defines named security
constraints that can be
referenced here or in individual page, folder meta
data, link, or document
set documents. The scope of this file is global
across the entire site.
References take the form of
, (which
appear only in /page.security), or
.
Thus, this part :
admin
view, edit
means that only a user with the role 'admin' can
edit
the layout of the page.
Yes, since this fragment is referenced in a
, it applies to
all documents in the site.
And this fragment:
manager
view
means that a user with the role 'manager' can view
the
page.
Yes, where used with a .
However, anybody can view this default page in
reality
- even before a user logs in. You don't need any
special privileges to access
http://localhost:8080/jetspeed to see the page.
My assumption is that it is because security
constraints are "overwritten" in the
pages/folder.metadata file (see below).
Is that true?
Not exactly. The override is in the
default-page.psml itself, (user=*,
permission=view).
What is the scope of the page.security definitions
and
where are they used?
See above.
2. each folder under /pages directory (including
/pages itself) has a folder.metadata file where
more
are defined for that folder.
For example, here is pages/folder.metadata:
.
user
Re: Jetspeed2 M1 security setup
Ate Douma wrote: Randy Watler wrote: Doug, Portlet level security constraints are apparently the responsibility of the portlet writer to implement, so the portal and portlet container will always display the portlet. We just received clarification on this from the pluto mail list: http://nagoya.apache.org/eyebrowse/ReadMsg?listId=261&msgNo=2160 One small correction: only the portlet container should not enforce security constraints according to the portlet specification. The portal can, as Randy showed in the example below. Another solution would be to use security constraints on a page, restricting (certain type of) access to only certain users, roles or groups. Just to be clear, I think Doug is trying to control access by role at the page level but wants finer grain control over portlet in the page. This is not available now, so I was proposing he try controlling acess to two different pages with appropriate portlet subsets via the profiler. Furthermore, this should not only be possible on page level but even on (psml) fragment level, but that isn't yet implemented I think (Randy?). This is not implemented in M1. If (when) it is, you can simply restrict certain parts of a page to certain users, groups and/or roles. Well, David and I discussed this just before M1 was released. I actually had it implemented on the fragment level, but we figured that the portlet security constraints would be sufficient/conflicting, so we removed it. However, we did not have the Pluto ruling then. So, we'll have to revist this for M2. I'll add it to my "to-do" list. So, one way to achieve what you are after is to use the profiler. When the user is not logged in, they are known as 'guest'. By default, users are profiled using the 'j1' rule. This all boils down to the fact that unauthenticated users can be directed to pages placed in the ".../WEB-INF/pages/_user/guest" directory. Place your stripped down version of your pages in this 'guest' directory, (without your role security), and then secure all the rest of the pages in your site by role. HTH, Randy Doug Schnelzer wrote: I've been working through this thread. It's very helpful. Thanks to Marina and Randy for providing some good documentation here. As I have worked through this, I have a follow up question... Is there a way in a psml file or in one of the deployment descriptors to require a role before displaying "some" of the portlets on a page? I want to modify the default page so that only the login portlet is visible until a user logs in. If I make the entire page require a role, then I can't log in to establish my identity. Thanks, Doug - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
