RE: Jetspeed2 M1 security setup (was: jetspeed-newbie Roles-Groups-Users)
Hi,

I've successfully built and installed J2 M1 and was looking into the demo applications to figure out how to set up access control for portlets/pages. After checking out some example portlets, like RoleSecurityTest and Login, and their source code, I think I have some idea of how to approach the task but I would like to clarify some topics. First, I'll list my assumptions and then ask questions:

1. tomcat-5.0.30-j2-M1\webapps\jetspeed\WEB-INF\pages\page.security file specifies 'Edit'/'View' permissions for the default Portal's page, defined in default-page.psml. Thus, this part:

    <security-constraints-def name="admin">
      <security-constraint>
        <roles>admin</roles>
        <permissions>view, edit</permissions>
      </security-constraint>
    </security-constraints-def>

means that only a user with the role 'admin' can edit the layout of the page. And this fragment:

    <security-constraints-def name="manager">
      <security-constraint>
        <roles>manager</roles>
        <permissions>view</permissions>
      </security-constraint>
    </security-constraints-def>

means that a user with the role 'manager' can view the page. However, anybody can view this default page in reality - even before a user logs in. You don't need any special privileges to access http://localhost:8080/jetspeed to see the page. My assumption is that it is because security constraints are overwritten in the pages/folder.metadata file (see below). Is that true? What is the scope of the page.security definitions and where are they used?

2. each folder under /pages directory (including /pages itself) has a folder.metadata file where more security-constraints are defined for that folder. For example, here is pages/folder.metadata:

    .
    <security-constraints>
      <security-constraint>
        <roles>user</roles>
        <permissions>view</permissions>
      </security-constraint>
      <security-constraints-ref>manager</security-constraints-ref>
    </security-constraints>
    <security-constraints>
      <security-constraint>
        <users>*</users>
        <permissions>view</permissions>
      </security-constraint>
    </security-constraints>
    </folder>

And this is why all users can see the default page. (Is that true?) On the other hand, here is pages\Administrative\folder.metadata:

    <folder>
      <title>Jetspeed Administrative Portlets</title>
      <!-- allow only manager role -->
      <security-constraints>
        <security-constraints-ref>manager</security-constraints-ref>
      </security-constraints>
    </folder>

This folder corresponds to the Jetspeed Administrative Portlets menu item in the 'Folder and Pages' menu on the left side of the Portal window. However, it is displayed only when a user with the 'manager' role logged in.

3. There also are security-constraints in the .psml files themselves. For example, pages/default-page.psml has:

    <security-constraints>
      <security-constraint>
        <users>*</users>
        <permissions>view</permissions>
      </security-constraint>
    </security-constraints>

4. Also, there are security-ref defined in the portlet.xml files of individual portlets. For example:

    <portlet id="RoleSecurityTest">
      .
      <security-role-ref>
        <role-name>Administrator</role-name>
        <role-link>admin</role-link>
      </security-role-ref>
      <security-role-ref>
        <role-name>Manager</role-name>
        <role-link>manager</role-link>
      </security-role-ref>
      <security-role-ref>
        <role-name>User</role-name>
        <role-link>user</role-link>
      </security-role-ref>
    </portlet>

and corresponding security-roles are defined in the web.xml file of the portlet application:

    <web-app>
      <security-role>
        <description>The admin role</description>
        <role-name>admin</role-name>
      </security-role>
      <security-role>
        <description>The manager role</description>
        <role-name>manager</role-name>
      </security-role>
      <security-role>
        <description>The user role</description>
        <role-name>user</role-name>
      </security-role>
    </web-app>

Questions:
-- How do all the security declarations in #1, 2, 3 and 4 relate to each other?
-- What declarations take precedence?
-- what declarations are mandatory for others to work?

5. By looking at the jakarta-jetspeed-2-M1\applications\demo\src\webapp\WEB-INF\web.xml file I noticed that there were two example SSO servlets registered - SSODemoServlet and SSOBasicDemoServlet, and they were mapped to /sso-demo and /sso-basic URLs respectively. Here is how /sso-basic is protected:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HTTPBasicDemo</web-resource-name>
        <url-pattern>/sso-basic/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Jetspeed</realm-name>
    </login-config>

When I access this servlet as http://localhost:8080/demo/sso-basic I am getting a login screen that prompts me to enter username and password, as expected. The /sso-demo is not protected in the web.xml and when accessing it as http://localhost:8080/demo/sso-demo you just get an authentication error. Source code of the
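Added example (not part of the original message and not Jetspeed or Tomcat code): a small Python model of how a servlet container matches a direct request against the url-pattern entries of a security-constraint, run on the /sso-basic descriptor quoted in the message above. The web-app wrapper, the function names and the simplified handling of the "*" role are assumptions of this sketch; it models requests sent straight to the web application's own context, not Jetspeed page or portlet security.

```python
import xml.etree.ElementTree as ET

# Constructed input: the /sso-basic constraint quoted in the message above,
# wrapped in a <web-app> root so that it parses on its own.
WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTTPBasicDemo</web-resource-name>
      <url-pattern>/sso-basic/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>tomcat</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Jetspeed</realm-name>
  </login-config>
</web-app>
"""


def load_constraints(xml_text):
    """Flatten a descriptor into (url_pattern, http_methods, roles) tuples.

    roles is None when the constraint has no <auth-constraint> at all, and an
    empty set when <auth-constraint> is present but names no role.
    """
    constraints = []
    for sc in ET.fromstring(xml_text).findall("security-constraint"):
        auth = sc.find("auth-constraint")
        roles = None
        if auth is not None:
            roles = {(r.text or "").strip() for r in auth.findall("role-name")}
        for wrc in sc.findall("web-resource-collection"):
            methods = {(m.text or "").strip().upper()
                       for m in wrc.findall("http-method")}
            for pat in wrc.findall("url-pattern"):
                constraints.append(((pat.text or "").strip(), methods, roles))
    return constraints


def match_rank(pattern, path):
    """Servlet url-pattern matching; a higher tuple is a better match."""
    if pattern == path:
        return (3, len(pattern))                  # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))               # longest path prefix wins
    if pattern.startswith("*."):
        if path.rsplit("/", 1)[-1].endswith(pattern[1:]):
            return (1, 0)                         # extension match
    if pattern == "/":
        return (0, 0)                             # default mapping
    return None


def decide(constraints, path, method="GET", user_roles=None):
    """Outcome for a request made directly to this web application.

    user_roles=None means the caller has not authenticated. Returns 'open',
    'login-required', 'allowed' or 'forbidden'.
    """
    ranked = [(match_rank(p, path), m, r) for p, m, r in constraints]
    ranked = [c for c in ranked if c[0] is not None]
    if not ranked:
        return "open"                             # no pattern covers the path
    best = max(rank for rank, _, _ in ranked)
    applicable = [r for rank, m, r in ranked
                  if rank == best and (not m or method.upper() in m)]
    if not applicable:
        return "open"                             # method not named by the constraint
    if any(r is not None and not r for r in applicable):
        return "forbidden"                        # empty auth-constraint: nobody
    if any(r is None for r in applicable):
        return "open"                             # no auth-constraint: everybody
    if user_roles is None:
        return "login-required"                   # container starts login-config auth
    needed = set().union(*applicable)
    # Simplification: "*" is treated as "any role the user holds".
    if needed & set(user_roles) or ("*" in needed and user_roles):
        return "allowed"
    return "forbidden"


if __name__ == "__main__":
    rules = load_constraints(WEB_XML)
    for path, roles in [("/sso-basic", None), ("/sso-basic/x", {"tomcat"}),
                        ("/sso-basic/x", {"manager"}), ("/sso-demo", None)]:
        print(path, roles, "->", decide(rules, path, user_roles=roles))
```

The container applies these rules only to the paths inside the web application that declares them, which is why /sso-basic prompts for a login while /sso-demo is left to the servlet's own code.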
Re: jetspeed-newbie Roles-Groups-Users
Hi, sorry, I'm still struggling with the user management/ access control. The documentation from J2's profiler directory helped somewhat but now I have even more questions than before :) First, I looked at the jetspeed.xml - and I see
RE: jetspeed-newbie Roles-Groups-Users
No worries Marina, let's get it figured out... :)

Randy

-Original Message-
From: Marina
To: Jetspeed Users List
Sent: 12/1/04 8:47 AM
Subject: Re: jetspeed-newbie Roles-Groups-Users

Hi, sorry, I'm still struggling with the user management/ access control. The documentation from J2's profiler directory helped somewhat but now I have even more questions than before :) First, I looked at the jetspeed.xml - and I see
RE: jetspeed-newbie Roles-Groups-Users
Marina,

Yes, many on the dev team have J2 in production or in prototypes. Comments below.

> What I meant was: I see there is some relationship between directory names under the WEB-INF/pages directory and user like:
>
>     WEB-INF/pages/_role
>         manager/
>         user/
>     WEB-INF/pages/_user
>         user/
>
> So, for me to create a new user, should I use the same naming convention? For example, to add a new user scott with the role admin should I create corresponding directories
>
>     WEB-INF/pages/_role/admin
>     WEB-INF/pages/_user/scott

In general, yes. However, the directories that are used are determined by the profiling rules. Here, the _user directory is aggregated by the j1 rule and the _role directory is aggregated by the role-fallback or role-group rules. You have the right idea though.

> By the way, where does the login take place? I tried login through the Login portlet - but it did not change content of the portal window accordingly (I logged in as 'user')

To login as scott, you must add logins, passwords, profiling rules for the Jetspeed user principal. There are admin portlets to do some of this, (login as admin/admin). Many of us simply extend the populate-userinfo-for-default-psml.sql script to add new users. Look at the definitions in there for principals, security, and profiling rules.

> Another question: How do you add new users programmatically? Do I have to create those new directories every time I add a new user? What if I want users to be able to register themselves, how would all this directory/files setup work? Or do I have to write my own code to insert new users into the DB (by the way, I'm assuming that's what the populate-userinfo-for-default-psml.sql does, is it?) ?

Like I said, there are admin portlets to do some of the work. There are plans in the immediate future to make these portlets more powerful that will fill in the gaps between the existing capabilities and editing populate-userinfo-for-default-psml.sql. So, all you will need to do is allow the guest user access to pages that contain these portlets or to the existing admin pages. You should not have to write any code unless you are interfacing to another system and need external authentication/authorization/single-signon.

> Sorry, I do feel somewhat confused here. Did anybody succeed in setting up the user management in J2? It's hard to believe I'm the first one struggling with this :)

Well, you are probably one of the first non-dev-team people to attempt it! Not to worry, it is complex but does work... :). Keep the questions coming: it gives us all a chance to spread the word and see where we need to improve! Thanks for hanging in there!

Randy
RE: jetspeed-newbie Roles-Groups-Users
Randy,

Thanks a lot for your response. I indeed have more specific questions on the security setup in J2. I should note right away that I apologize if these questions are answered in the documentation you mentioned - I was not able to read it as it seems to be in the .sxw format (StarOffice, I think?). Any idea how to convert them into some other format if I don't have StarOffice readily available?

Now to my questions. I'm trying to do a very common thing: require a user to log in when he accesses the portal for the first time, and then show only those portlets that this user is authorized to see, and give him only those access rights to some functionality (buttons, links in the portlets) that he is authorized to do.

First off, I was not sure how to limit access to the portal as a whole - usually you do that kind of thing in the web.xml descriptor of the web application. I guess that would be the $TOMCAT_HOME/webapps/jetspeed/WEB-INF/web.xml. But then, would not it be overwritten when Jetspeed is redeployed using the Maven build scripts? And what url-pattern would I have to specify - /jetspeed/* or something like that?

Anyway, I decided to try to protect the main portlet as the first step. In my portlet's web.xml I specified:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Secure EventCalendar</web-resource-name>
        <url-pattern>/EventsCalendarPortlet/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>dce_admin</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
      <role-name>dce_admin</role-name>
    </security-role>

and I have a corresponding role defined in the tomcat-users.xml:

    <role rolename="dce_admin"/>
    <user username="dce_admin" password="some_password" roles="dce_admin"/>

Since I could not find any Jetspeed-specific information on specifying security constraints for individual portlets, I just used the Portlet Specification as the guide and added this to the portlet's portlet.xml:

    <security-role-ref>
      <role-name>dce_admin</role-name>
      <role-link>dce_admin</role-link>
    </security-role-ref>

The EventsCalendarPortlet got deployed into J2 just fine, but it was displayed in the portal without prompting me for any username/password.

If you could give me any pointers as to what I'm missing and what would the main steps be to achieve what I'm trying to do it would be great! Sorry for such a long e-mail,

thanks!
Marina
Re: jetspeed-newbie Roles-Groups-Users
Marina,

There are two different Roles/Groups/Users domains in effect: Tomcat's and Jetspeed's. Jetspeed has its own JAAS login/logout that is managed separately from the global Tomcat configuration, (see jetspeed.xml for the JAAS Realm definition). Configuration of Tomcat's Realm is only necessary for running the manager/admin application to deploy portlet webapps. I am not sure why your Tomcat security configuration did not control access to the Jetspeed application as a whole, (I am not an expert there to say the least; I've never had to use that believe it or not).

To use the portlet security, you'll probably need to configure the Jetspeed realm correctly or use the demo logins. Like I said, I am not sure portlet security is implemented at this time, YMMV. See the populate-userinfo-for-default-psml.sql script.

For page level security, see the demo psml pages under jetspeed/WEB-INF/pages. No document on this stuff yet... it is very new and still settling in.

I will mail a PDF version of the profiling document to you in a few minutes.

Randy
Re: jetspeed-newbie Roles-Groups-Users
Hi, David,

The documentation you mentioned is for Jetspeed 1. Is it also true for Jetspeed2? If not - could you point me to where I could find it for J2? I looked through all documentation on the J2 home page and Wikis and could not find anything on how to control access to specific portlets based on user roles/ groups.

Thank you!
Marina
RE: jetspeed-newbie Roles-Groups-Users
MP,

I am more or less responsible for the J2 profiling and security features. There is some documentation in the J2 design-docs under the profiler directory, (pull from CVS). Also the demo configuration for user/user, (username=user, password=user), uses profiling extensively to customize its view and security to limit its access to the admin pages/portlets. BTW, this functionality is page based, not portlet based. Portlet security constraints can be specified in the portlet.xml, but I am not sure if they are 100% implemented at this point.

Feel free to send more specific J2 questions to the list.

HTH,
Randy Watler

-Original Message-
From: M P
To: Jetspeed Users List
Sent: 11/27/04 12:10 PM
Subject: Re: jetspeed-newbie Roles-Groups-Users

Hi, David, The documentation you mentioned is for Jetspeed 1. Is it also true for Jetspeed2? If not - could you point me to where I could find it for J2? I looked through all documentation on the J2 home page and Wikis and could not find anything on how to control access to specific portlets based on user roles/ groups. Thank you! Marina
jetspeed-newbie Roles-Groups-Users
Hi,

I need to do following thing using the jetspeed,

Creating..
3 roles - Admin, Executive, Developer
2 Groups - Administration, Users
100 of users - CEO,CFO,admin, aaa, bbb, ccc, etc

Setting
Admin and Executive belongs to Administrative Group
Developer belongs to Users Group
CEO and CFO are Executive Roles
admin user is belongs to Admin role
aaa, bbb, ccc, etc belongs to Developer role

Users group only have rights to view the information. Admin role have all the control except viewing some confidential information such as Banking and Finance information. Only CEO and CFO have rights to access those information. Admin could lock and unlock account except CEO and CFO.

Is this kind of activity achieve using jetspeed 1.5?

Thank you
Thilina
Re: jetspeed-newbie Roles-Groups-Users
Thilina wrote:

> Hi,
>
> I need to do following thing using the jetspeed,
>
> Creating..
> 3 roles - Admin, Executive, Developer
> 2 Groups - Administration, Users
> 100 of users - CEO,CFO,admin, aaa, bbb, ccc, etc
>
> Setting
> Admin and Executive belongs to Administrative Group
> Developer belongs to Users Group
> CEO and CFO are Executive Roles
> admin user is belongs to Admin role
> aaa, bbb, ccc, etc belongs to Developer role
>
> Users group only have rights to view the information. Admin role have all the control except viewing some confidential information such as Banking and Finance information. Only CEO and CFO have rights to access those information. Admin could lock and unlock account except CEO and CFO.
>
> Is this kind of activity achieve using jetspeed 1.5?

Yes.

To see the User Admin, go here:

http://.bluesunrise.com/jetspeed

login as user = admin, pw = (send me an email personally to get it)

Go to the security tab, and then Security Browser. Here you can see how to setup security constraints. You will also see how to administer roles, groups and users here.

Also, docs are here:

http://portals.apache.org/jetspeed-1/security.html#Registry_Access_Control

--
David Sean Taylor
Bluesunrise Software
[EMAIL PROTECTED]
[office] +01 707 773 4646
[mobile] +01 707 529 9194