Martin, thanks for a guide! I took a look at the Jetspeed (and portlet specifications too) and it seems pretty intresting. I'll definetely study it. The only thing that scares me that spec-s (http://www.jcp.org/aboutJava/communityprocess/review/jsr168/) wasnt updated since 2003
And yes, you really got it. Our system indeed is a portal and CMS and something else too. And it somehow resembles the functions the Portal API has. At this moment we're developing CRM part based on it. We already have a whole bunch of portal functionality (it doesnt have any XML config cause it's highly dynamic and config is stored in DB) and very specific security system, tuned to our specific features, and at this point I'm not sure we'll be able to seamlessly integrate any second-party solution into this architecture. mgainty wrote: > > > that was a 30 second solution amongst 100 different solutions<BR> > > so maybe you want to categorise the jsps and then enable / disable > view/update/delete of the resources<BR> in those categories depending on > the authenticated credentials of the user<BR> > for this scenario you might want to look at portals and or > content-management system<s><BR> > > i would start here<BR> > http://portals.apache.org/jetspeed-1/fusion.html<BR> > > Martin<BR> > ______________________________________________ <BR> > Disclaimer and confidentiality note > Everything in this e-mail and any attachments relates to the official > business of Sender. This transmission is of a confidential nature and > Sender does not endorse distribution to any party other than intended > recipient. Sender does not necessarily endorse content contained within > this transmission. > > >> Date: Sat, 13 Sep 2008 17:32:29 -0700 >> From: [EMAIL PROTECTED] >> To: users@tomcat.apache.org >> Subject: Question is answered. See Bill Barker-2 answer >> >> >> Hi, Martin >> Thanks for the answer >> I see, what you mean, but the problem is slightly different >> >> The matter is that our users can change jsp files whatever they like via >> administrative interface, so we want to restrict the use of scriplets in >> these jsp's because of possible abuses >> >> Bill Barker-2 provided the comprehensive answer to this problem >> >> >> mgainty wrote: >> > >> > >> > use ths struts if tag to conditionally disable the code >> > <%@ taglib prefix="s" uri="/struts-tags"%> >> > >> > <s:if test="%{false}"> >> > <div>Will Not Be Executed</div> >> > </s:if> >> > >> > http://struts.apache.org/2.0.11.2/docs/if.html >> > datorită struts >> > Martin >> > ______________________________________________ >> > Disclaimer and confidentiality note >> > Everything in this e-mail and any attachments relates to the official >> > business of Sender. This transmission is of a confidential nature and >> > Sender does not endorse distribution to any party other than intended >> > recipient. Sender does not necessarily endorse content contained within >> > this transmission. >> > >> > >> >> Date: Sat, 13 Sep 2008 08:58:59 -0700 >> >> From: [EMAIL PROTECTED] >> >> To: users@tomcat.apache.org >> >> Subject: Re: Disable java code execution <%blabla%> in jsp, but >> permits >> >> tags >> >> >> >> >> >> We want them to be able to customize information they get from our >> system >> >> by >> >> using custom tags >> >> >> >> >> >> H. Hall wrote: >> >> > >> >> > kazukin6 wrote: >> >> >> Plz Help !! >> >> >> Is it possible to disable all java code execution within jsp page >> (by >> >> >> security manager or something) >> >> >> but allow custom tags to be executed? >> >> >> >> >> >> The problem is that the users can change jsp files, and due to >> >> security >> >> >> reasons we can allow them to use only tags >> >> >> >> >> > Why are users allowed to change jsp files? >> >> > >> >> > HH >> >> > >> >> > >> >> > >> >> > -- >> >> > H. Hall >> >> > ReedyRiver Group LLC >> >> > http://www.reedyriver.com >> >> > >> >> > >> >> > >> --------------------------------------------------------------------- >> >> > To start a new topic, e-mail: users@tomcat.apache.org >> >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> > For additional commands, e-mail: [EMAIL PROTECTED] >> >> > >> >> > >> >> > >> >> >> >> -- >> >> View this message in context: >> >> >> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19471795.html >> >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> >> >> >> --------------------------------------------------------------------- >> >> To start a new topic, e-mail: users@tomcat.apache.org >> >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > >> > _________________________________________________________________ >> > Get more out of the Web. Learn 10 hidden secrets of Windows Live. >> > >> http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008 >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476209.html >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > _________________________________________________________________ > See how Windows connects the people, information, and fun that are part of > your life. > http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/ > -- View this message in context: http://www.nabble.com/Disable-java-code-execution-%3C-blabla-%3E-in-jsp%2C-but-permits-tags-tp19415053p19476725.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
