Re: jetspeed and errorPage support in jsp is lacking

2003-01-30 Thread Jim Arnott 
Anyone?

> 
> It does not seem that jetspeed supports the notion of the jsp errorPage.
> i.e:
> 
> <%@ page errorPage="errorReport.jsp" %>
> 
> We are doing a  onto the page if there is a problem connecting to another server.
> 
> It would be nice to have the ability to do something like an error page
> to catch this error.
> 
> Anyone know a work around for this?
> 
> thanks,
> jim arnott
> Reuters R&D
> 
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to render a jsp from within a portlet

2003-01-21 Thread Jim Arnott 

Would <%@ include file="your.jsp"%> get you what you want. This would
only work if your talking about a jsp portlet.

-jim

> 
> Hi,
> 
>  
> 
> Does anybody know if it is possible to render the contents of a jsp via a
> portlet, and I do not mean by using the
> org.apache.jetspeed.portal.portlets.JspPortlet.
> 
>  
> 
> In the IBM WebSphere Portal you can do the following
> 
>  
> 
> PortletContext context = getProtletConfig().getContext();
> 
> Context.include (jsp,request,response);
> 
>  
> 
> Is the same thing available in JetSpeed 1.4 b3
> 
>  
> 
> If anyone has any code samples that would be much appreciated
> 
>  
> 
>  
> 
> Regards
> 
>  
> 
> Rob Shorney
> 
> PDS - Local Government - Front Office Development Team
> 
> Northgate Information Solutions
> 
> 
> 
> 
>  
> 
> 
> 
>  
> This email is sent on behalf of Northgate Information Solutions UK Limited 
("Northgate") and is strictly confidential and intended solely for the 
addressee(s).  It may contain personal and confidential information and as such 
may be protected by the Data Protection Act 1998.
> 
> If you are not the intended recipient of this email you must: (i) not 
disclose, copy or distribute its contents to any other person nor use its 
contents in any way or you may be acting unlawfully;  (ii) contact Northgate 
immediately on +44 (0)1442 232424 quoting the name of the sender and the 
addressee then delete it from your system.
> 
> Any views or opinions expressed within this email are those of the author, and 
do not necessarily represent those of Northgate.
> 
> Northgate has scanned this email for viruses but does not accept any 
responsibility once this email has been transmitted.  You should scan 
attachments (if any) for viruses.

 Visit our Internet site at http://www.reuters.com


Any views expressed in this message are those of the individual 
sender, except where the sender specifically states them to be 
the views of Reuters Ltd.


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

jetspeed and errorPage in jsp

2003-01-16 Thread Jim Arnott 
It does not seem that jetspeed supports the notion of the jsp errorPage.
i.e:

<%@ page errorPage="errorReport.jsp" %>

We are doing a mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:

Re: Security Hole

2003-01-16 Thread Jim Arnott 
All I get is "You do not have access to these portlets". And any additional
pane tabs with the configure icon that can be configured (bug 15968).

My version said 1.4-b4-dev.

Perhaps that nightly was a little too early? I got mine by CVS mid day 1/15 CST.
There is a nightly 1/16 out there already, try that.

-jim

> 
> I downloaded the 1-15 nightly build today, tested this issue, and I am still 
seeing this hole.
> 
> All I am doing is 
> 
> 1)Creating 2 jetspeed users with the admin account
> 2)modifying each of the psml files to be different in content, 
> 3)Logging in with one user and then substituting the other user ID in the url.
> 4)The other user's content is displayed with out any problem.
> 
> Any thoughts?
> 
> Jim Arnott <[EMAIL PROTECTED]> wrote:
> 
> >
> >In the latest CVS version, this is no longer the case. See 
> >http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15968 for more info.
> >
> >jim arnott
> >Reuters R&D 
> >
> >On Wed, 15 Jan 2003, Brad Straw wrote:
> >
> >> Hi,
> >> 
> >> I have seen one other reference in the mailing list regarding a security 
hole, but I want to clarify this issue.  The following url is displayed on the 
address bar:
> >> 
> >> 
http://localhost:8080/portal/media-type/html/user/bstraw001/page/default.psml/js
_pane/P-f2c3135036-10001
> >> 
> >> This url design was not present in version 1.3a2.
> >> 
> >> By substituting the userid with another valid userid, I can see the other 
user's content.
> >> 
> >> Any thoughts? Mitigating controls?  Missed configuration?
> >> 
> >> __
> >> The NEW Netscape 7.0 browser is now available. Upgrade now! 
http://channels.netscape.com/ns/browsers/download.jsp 
> >> 
> >> Get your own FREE, personal Netscape Mail account today at 
http://webmail.netscape.com/
> >> 
> >> --
> >> To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
> >> For additional commands, e-mail: 
<mailto:[EMAIL PROTECTED]>
> >> 
> >> 
> >
> >
> >--
> >To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
> >For additional commands, e-mail: 
<mailto:[EMAIL PROTECTED]>
> >
> >
> 
> __
> The NEW Netscape 7.0 browser is now available. Upgrade now! 
http://channels.netscape.com/ns/browsers/download.jsp 
> 
> Get your own FREE, personal Netscape Mail account today at 
http://webmail.netscape.com/
> 
> --
> To unsubscribe, e-mail:   
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: 
<mailto:[EMAIL PROTECTED]>
> 

 Visit our Internet site at http://www.reuters.com


Any views expressed in this message are those of the individual 
sender, except where the sender specifically states them to be 
the views of Reuters Ltd.


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Security Hole

2003-01-15 Thread Jim Arnott 

In the latest CVS version, this is no longer the case. See 
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15968 for more info.

jim arnott
Reuters R&D 

On Wed, 15 Jan 2003, Brad Straw wrote:

> Hi,
> 
> I have seen one other reference in the mailing list regarding a security hole, but I 
>want to clarify this issue.  The following url is displayed on the address bar:
> 
> 
>http://localhost:8080/portal/media-type/html/user/bstraw001/page/default.psml/js_pane/P-f2c3135036-10001
> 
> This url design was not present in version 1.3a2.
> 
> By substituting the userid with another valid userid, I can see the other user's 
>content.
> 
> Any thoughts? Mitigating controls?  Missed configuration?
> 
> __
> The NEW Netscape 7.0 browser is now available. Upgrade now! 
>http://channels.netscape.com/ns/browsers/download.jsp 
> 
> Get your own FREE, personal Netscape Mail account today at 
>http://webmail.netscape.com/
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
> 
> 


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Security issues with Jetspeed 1.4b3

2003-01-10 Thread Jim Arnott 

> > We're trying to develop a jetspeed toolkit for internal use by  
> > serparate development teams.  However, right now any user can  
> > substitute someone else's username in the url for any Jetspeed actions  
> > and have free run of their portlets (assuming they are in the same  
> > group) reconfiguring them, viewing their output, etc.  I thought the  
> > allow-if-owner security tag would fix this, but it doesn't seem to  
> > have done anything.
> >
> >   Does anyone know how I can get Jetspeed to refuse attempts by user X  
> > to hit portlets defined in user Y's default.psml when they are in the  
> > same group?  Thank you.
> >
> > Mike McLawhorn
> >
> I thought that the  would handle this too.
> Could you please log a detailed bug on this one:
> 

This is the same bug I reported in bugzill bug 14907 over a month ago.


jim arnott
Reuters R&D


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Customize portlets for anon user?

2002-12-06 Thread Jim Arnott 



> 
> Can i customize the portlets for the anon user?
> Are there any settings that i have to set for this one?
> 
Sure, just login as anon and customize away.


--
To unsubscribe, e-mail:   
For additional commands, e-mail:

Cached JSP

2002-11-27 Thread Jim Arnott 

Does content caching work with JSP? It does not seem to.
Any plans on this feature being added? 
 
thanks,
Jim Arnott
Reuters R&D


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Jetspeed on the farm -yee-ha

2002-11-27 Thread Jim Arnott 




Will jetspeed work on a multi server farm behind a load balancer ?
Has anyone tried it, if it should work?




thanks,
Jim Arnott
Reuters R&D




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>