portals-jetspeed-dev mailing list archives

From "David Sean Taylor" <da...@bluesunrise.com>
Subject RE: Group / Role Portals
Date Sat, 26 Jan 2002 18:08:20 GMT
> Don't put permission checks in the implementation code.
> The idea I'm implementing is to have wrapper classes which take care of
> the security checks and isolate internal classes from the "portletAPI"
> visible classes. This could even allow for unplugging completely the
> security checks, by just having different wrappers or no wrapper at all.

+1 Declarative security + interceptors.

> For the moment, I have committed wrappers for portlets. I'm in the
> process of removing security checks related with portlets and
> controls/controllers (no longer needed) and wrapping the portlets in the
> PortletFactory. The code results much cleaner, and we have a small set
> of classes where all the semantics of the security is contained.
> I'm still working in PortletSet wrappers, which will take care of the
> PSML security checks (after all, a PSML document is a big portletset).
> This is still not crystal clear to me, but everything looks promising.
> Still missing the changes in PSML/registry formats for new security
> constraints

Why not put the <security role="user"/> tag as a child element of the
<portlets> tag:

<portlets xmlns="http://www.apache.org/2000/02/CVS">
	<security role="user"/>

> >
> >- correctly rewrite the links to include these parameters
> >
> This is an important thing to be done. Please, concentrate here. It
> would be nice if default values are not added to the URL. For instance:
> /group/global --> not added
> /role/user --> ? I do not see roles completely yet
> /user/<currentUser> --> not added
> >
> >- add jlink methods to build these links from .vm
> >
> Ditto. It would be great if all URL generating code is put together in
> the same class. grep is wonderful for this ;)
> >
> >>Need any help?
> >>
> >sure
> >
> I think an IRC meeting would be great, to coordinate these efforts. Give
> me a touch and we can try to make it ASAP.

When are you available?
What about Irc.whichever.com:6667 #jetspeed

> The profile returned by the fallback algorithm should be the repository
> of all this information. I.E. the customizer should only work with it,

Yes, that is a problem right now - we can't even customize the anon page.

> Rule: all PSML related calls in the request path *must* get the document
> through data.getProfile(), so all are working on the current one.


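
The wrapper approach discussed in this thread, as an added example that is not part of the original message or Jetspeed's code: the implementation carries no permission checks, a wrapper enforces the declared role, and one factory method alone decides whether to wrap. All class and method names are hypothetical, and the caller's roles are passed in directly as a simplifying assumption.

```java
import java.util.Set;

// Added illustration; every name here is hypothetical, not the Jetspeed API.
public class SecurityWrapperDemo {
    /** The interface that portal-facing code is allowed to see. */
    interface Portlet {
        String getContent(Set<String> callerRoles);
    }

    /** Internal implementation: contains no permission checks. */
    static class NewsPortlet implements Portlet {
        public String getContent(Set<String> callerRoles) {
            return "<div>headlines</div>";
        }
    }

    /** Wrapper holding the declared constraint, e.g. from <security role="user"/>. */
    static class SecuredPortlet implements Portlet {
        private final Portlet inner;
        private final String requiredRole;
        SecuredPortlet(Portlet inner, String requiredRole) {
            this.inner = inner;
            this.requiredRole = requiredRole;
        }

        public String getContent(Set<String> callerRoles) {
            // Fail closed: missing role information is treated as "not allowed".
            if (callerRoles == null || !callerRoles.contains(requiredRole)) {
                throw new SecurityException("role '" + requiredRole + "' required");
            }
            return inner.getContent(callerRoles);
        }
    }

    /** The only place that hands out portlets, so the only place that wraps. */
    static Portlet create(Portlet impl, String declaredRole, boolean enforce) {
        return (enforce && declaredRole != null) ? new SecuredPortlet(impl, declaredRole) : impl;
    }

    public static void main(String[] args) {
        Portlet p = create(new NewsPortlet(), "user", true);
        System.out.println(p.getContent(Set.of("user")));   // caller holds the role
        try {
            p.getContent(Set.of("guest"));                   // constructed caller without the role
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Because the implementation carries no checks of its own, any code path that obtains a portlet without going through the factory, or a factory running with enforcement switched off, executes unchecked.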