portals-jetspeed-dev mailing list archives

From David Le Strat <dlest...@yahoo.com>
Subject Re: Jetspeed2 Security
Date Fri, 10 Jun 2005 23:12:18 GMT

Amit,

I may be totally off base but I think that what you
are trying to do can easily be supported.  See below.

Regards,

David Le Strat.

--- Shah Amit <amit_shah25@hotmail.com> wrote:

> Hi David,
> 
> Thanks for your response.
> 
> But I think it is still kind of insufficient for my
> situation. I don't know 
> if that is the case for the originator of this
> thread, but I will explain my 
> situation --

To do what you are trying to do, you will need to
leverage declarative security.  There is no portlet UI
currently supporting this (the permission part).

Companies A, B, C would map to Group A, B, C


> I have a few customers with companies say A, B, C.
> I want to have some permissions - P,Q,R,W,X, Y, Z
> I want to create some "high level groups" of
> permissions -
> J -> has P, Q, R
> G -> has X, Y, Z
> I -> has Q, Y, Z

J, G, I would map to Role J, G, I
where
<security-constraint>
      <roles>Role J</roles>    
      <permissions>P, Q, R</permissions>
</security-constraint>
<security-constraint>
      <roles>Role G</roles>    
      <permissions>X, Y, Z</permissions>
</security-constraint>
etc...

> 
> Now I want to assign these "high level groups" of
> permissions to companies -
> A -> has J
> B -> has G
> C -> has I

So now Group A has Role J
Group B has Role G, etc.

> 
> And then, a user simply belongs to a company.
> Joe -> Company A
> John -> Company B
> Smith -> Company C

And finally Joe is in Company A.

Hope this helps.

> 
> Thanks,
> Amit
> 
> 
> ----Original Message Follows----
> From: David Sean Taylor <david@bluesunrise.com>
> Reply-To: "Jetspeed Developers List"
> <jetspeed-dev@portals.apache.org>
> To: Jetspeed Developers List
> <jetspeed-dev@portals.apache.org>
> Subject: Re: Jetspeed2 Security
> Date: Fri, 10 Jun 2005 10:50:08 -0700
> 
> Shah Amit wrote:
> >I have the exact same problem !!! I think with J2, roles and groups are
> >just 2 interchangeable ways of categorizing users. I tried to find a link
> >between those, but I couldn't. Finally I ended up designing my system
> >accordingly at least for now.
> >
> >I just check for roles in my system, and treat roles as "actual
> >permissions".
> >
> I'm not sure if I understand the question.
> So please be patient with me if I'm totally off
> target here.
> It won't be the first time!
> 
> Do you want to "link" or associate, roles with
> groups. Is that correct?
> 
> In the database schema, there is the
> SECURITY_GROUP_ROLE table:
> 
>      <table name="SECURITY_GROUP_ROLE">
>          <column name="GROUP_ID" primaryKey="true" required="true" type="INTEGER"/>
>          <column name="ROLE_ID" primaryKey="true" required="true" type="INTEGER"/>
>          <foreign-key foreignTable="SECURITY_PRINCIPAL" onDelete="cascade">
>              <reference foreign="PRINCIPAL_ID" local="GROUP_ID"/>
>          </foreign-key>
>          <foreign-key foreignTable="SECURITY_PRINCIPAL" onDelete="cascade">
>              <reference foreign="PRINCIPAL_ID" local="ROLE_ID"/>
>          </foreign-key>
>      </table>
> 
> In the API, there is:
> 
> o.a.j.security.RoleManager:
> 
>      Collection getRolesInGroup(String groupFullPathName) throws SecurityException;
>      void addRoleToGroup(String roleFullPathName, String groupFullPathName) throws SecurityException;
>      void removeRoleFromGroup(String roleFullPathName, String groupFullPathName) throws SecurityException;
>      boolean isGroupInRole(String groupFullPathName, String roleFullPathName) throws SecurityException;
> ....
> 
> o.a.j.security.GroupManager:
> 
>      Collection getGroupsInRole(String roleFullPathName) throws SecurityException;
> 
> hth,
> 
> --
> David Sean Taylor
> Bluesunrise Software
> david@bluesunrise.com
> [office] +01 707 773-4646
> [mobile] +01 707 529 9194
> 
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail:
> jetspeed-dev-help@portals.apache.org
> 
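
Added example, not part of the original message and not Jetspeed's own code: a self-contained in-memory model of the user -> group -> role -> permission chain described above, loaded with the thread's companies A/B/C and roles J/G/I. The class and method names are hypothetical; only addRoleToGroup borrows its name from the RoleManager signature quoted in the thread.

```java
import java.util.*;

// Added example: in-memory model of the user -> group -> role -> permission
// chain from this thread. It is NOT the Jetspeed API; all class and method
// names are hypothetical, and the sample data is the thread's A/B/C, J/G/I.
public class GroupRoleModel {
    private final Map<String, Set<String>> userGroups = new HashMap<>();
    private final Map<String, Set<String>> groupRoles = new HashMap<>();
    private final Map<String, Set<String>> rolePerms = new HashMap<>();

    private static void link(Map<String, Set<String>> m, String k, String... vs) {
        m.computeIfAbsent(k, x -> new TreeSet<>()).addAll(Arrays.asList(vs));
    }
    void addUserToGroup(String user, String group) { link(userGroups, user, group); }
    void addRoleToGroup(String role, String group) { link(groupRoles, group, role); }
    void grant(String role, String... perms) { link(rolePerms, role, perms); }

    // Union of permissions reachable through every group the user is in.
    Set<String> effectivePermissions(String user) {
        Set<String> out = new TreeSet<>();
        for (String g : userGroups.getOrDefault(user, Collections.emptySet()))
            for (String r : groupRoles.getOrDefault(g, Collections.emptySet()))
                out.addAll(rolePerms.getOrDefault(r, Collections.emptySet()));
        return out;
    }

    // Deny by default: unknown users, groups or roles yield no permissions.
    boolean isAllowed(String user, String perm) {
        return effectivePermissions(user).contains(perm);
    }

    public static void main(String[] args) {
        GroupRoleModel m = new GroupRoleModel();
        m.grant("J", "P", "Q", "R");
        m.grant("G", "X", "Y", "Z");
        m.grant("I", "Q", "Y", "Z");
        m.addRoleToGroup("J", "A");
        m.addRoleToGroup("G", "B");
        m.addRoleToGroup("I", "C");
        m.addUserToGroup("Joe", "A");
        m.addUserToGroup("John", "B");
        m.addUserToGroup("Smith", "C");
        // "Mallory" is a constructed user with no group membership.
        for (String u : new String[] {"Joe", "John", "Smith", "Mallory"})
            System.out.println(u + " -> " + m.effectivePermissions(u));
        System.out.println("Joe may X? " + m.isAllowed("Joe", "X"));
    }
}
```

Because a permission is only ever reached through a group's roles, moving a user to another company or re-pointing a company at a different role changes access without touching per-user grants.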



		