portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Watler <wat...@wispertel.net>
Subject Re: [J2] Why are there two parallel security systems?
Date Tue, 17 Jan 2006 04:46:04 GMT
David,

On Mon, 2006-01-16 at 15:29 -0800, David Jencks wrote:
> On Jan 16, 2006, at 1:54 PM, Randy Watler wrote:
> 
> > David,
> >
> > This is indeed the case for the PageManager component. The  
> > "Permissions"
> > based solution has been implemented to allow implementors that already
> > use the Java security architecture a compliant means to apply the same
> > to J2. The "Constraints" based solution allows the implementor to
> > specify security information in the PSML files. Generally speaking,  
> > the
> > "Permissions" solution was targeted for larger users and the
> > "Constraints" solution for a less formal organization that tried to
> > minimize "touch points" for portal configuration. The "Constraints"
> > solution is far more popular and is slightly more powerful capability
> > wise.
> >
> > HTH,
> 
> That helps a lot, but now I have more questions :-)
> 
> I've been assuming that only the "Permissions" solution existed :-)  
> and thought there must be some way that I hadn't found yet to get the  
> psml based permission descriptions into the rdbms based policy.  How  
> wrong is this view :-) ? Do the psml-file based security only work  
> with "Constraints" and the rdbms based stuff only work with  
> "Permissions"?

Exactly correct. They share only the use of the troublesome J2 Subject.

> 
> Also, could you explain what the "Constraints" can do that the  
> "Permissions" can't?

Constraints provide a limited ability to deny permissions to a specific
user, role, or group. AFAIK, there is no way to do this using the
Permissions approach. For example, say I wanted to allow all 'managers'
the ability to view a page, except those that are in the 'fired' group.

Randy

> 
> Many thanks!
> 
> david jencks
> 
> >
> > Randy
> >
> > On Mon, 2006-01-16 at 13:03 -0800, David Jencks wrote:
> >> It looks to me as if there are two security systems, one based on
> >> "SecurityContraints" and the other on various jetspeed defined
> >> Permissions: I think you can enable or disable these in Spring
> >> configurations.  They look to me from a short glance to do much the
> >> same things.
> >>
> >> Could someone explain why and if there are any plans for instance to
> >> eliminate one of them in the future?  Why would I use one rather than
> >> the other?
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> >> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >>
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message