portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject Re: Jetspeed2 Security
Date Fri, 10 Jun 2005 20:05:05 GMT
Amit,

You can define named <security-constraint-def/> types in the 
WEB-INF/pages/page.security file and use these to control access to 
folders and pages in the site.

These definitions can include user, role, and group specifications. See 
the demo site.

So, perhaps you can find a way to model your needs with these? Let me 
know if you think you need to expand this mechanism to make it work in 
your case.

Randy

Shah Amit wrote:

> Hi David,
>
> Thanks for your response.
>
> But I think it is still kind of insufficient for my situation. I dont 
> know if that is the case for the originator of this thread, but I will 
> explain my situation --
>
> I have a few customers with companies say A, B, C.
> I want to have some permissions - P,Q,R,W,X, Y, Z
> I want to create some "high level groups" of permissions -
> J -> has P, Q, R
> G -> has X, Y, Z
> I -> has Q, Y, Z
>
> Now I want to assign these "high level groups" of permissions to 
> companies -
> A -> has J
> B -> has G
> C -> has I
>
> And then, a user simply belongs to a company.
> Joe -> Company A
> John -> Company B
> Smith -> Company C
>
> Thanks,
> Amit
>
>
> ----Original Message Follows----
> From: David Sean Taylor <david@bluesunrise.com>
> Reply-To: "Jetspeed Developers List" <jetspeed-dev@portals.apache.org>
> To: Jetspeed Developers List <jetspeed-dev@portals.apache.org>
> Subject: Re: Jetspeed2 Security
> Date: Fri, 10 Jun 2005 10:50:08 -0700
>
> Shah Amit wrote:
>
>> I have the exact same problem !!! I think with J2, roles and groups 
>> are just 2 interchangeable ways of catagorizing users. I tried to 
>> find a link between those, but I couldn't. Finally I ended up 
>> designing my system accordingly atleast for now.
>>
>> I just check for roles in my system, and treat roles as "actual 
>> permissions".
>>
> Im not sure if I understand the question.
> So please be patient with me if Im totally off target here.
> It won't be the first time!
>
> Do you want to "link" or associate, roles with groups. Is that correct?
>
> In the database schema, there is the SECURITY_GROUP_ROLE table:
>
>     <table name="SECURITY_GROUP_ROLE">
>         <column name="GROUP_ID" primaryKey="true" required="true" 
> type="INTEGER"/>
>         <column name="ROLE_ID" primaryKey="true" required="true" 
> type="INTEGER"/>
>         <foreign-key foreignTable="SECURITY_PRINCIPAL" 
> onDelete="cascade">
>             <reference foreign="PRINCIPAL_ID" local="GROUP_ID"/>
>         </foreign-key>
>         <foreign-key foreignTable="SECURITY_PRINCIPAL" 
> onDelete="cascade">
>             <reference foreign="PRINCIPAL_ID" local="ROLE_ID"/>
>         </foreign-key>
>     </table>
>
> In the API, there is:
>
> o.a.j.security.RoleManager:
>
>     Collection getRolesInGroup(String groupFullPathName) throws 
> SecurityException;
>     void addRoleToGroup(String roleFullPathName, String 
> groupFullPathName) throws SecurityException;
>     void removeRoleFromGroup(String roleFullPathName, String 
> groupFullPathName) throws SecurityException;
>     boolean isGroupInRole(String groupFullPathName, String 
> roleFullPathName) throws SecurityException;
> ....
>
> o.a.j.security.GroupManager:
>
>     Collection getGroupsInRole(String roleFullPathName) throws 
> SecurityException;
>
> hth,
>
> -- 
> David Sean Taylor
> Bluesunrise Software
> david@bluesunrise.com
> [office] +01 707 773-4646
> [mobile] +01 707 529 9194
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
>
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message