portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Sean Taylor <da...@bluesunrise.com>
Subject Re: Extending profile locator in Jetspeed 1
Date Thu, 20 Nov 2003 16:43:48 GMT

On Thursday, November 20, 2003, at 02:56  AM, Sami Leino wrote:

>> The Profiler interface already has createProfileLocator() method.
>> Just need to make it configurable via the properties file and load 
>> your
>> locator I can make this change easily if you. I will do it today
> That would be a nice thing to have. If you have some spare time and see
> this feature useful, please go ahead. Just make sure that the
> implementation defaults to the standard ProfileLocator when the custom
> class has not been excplicitly defined in the property file.
Done, do a CVS update to get the changes

>> Jetspeed doesn't actually use Groups for its own purpose, it just
>> always defaults the group to "Jetspeed".
>> I think you could use the Group as the organization.
>> I know that Santiago does this....
> I have many times been wondering about the significance of the Group
> entity. Isn't it so that the roles are dependent of the groups in the 
> way
> that (in theory) user could have role "admin" within group "group1" and
> role "user" within group "group2"?

Its the security implementation that hard-codes the Jetspeed group
We still use the Turbine database model, although all the Turbine 
security has been ripped out
This is the security service represents a user having a role
Its three-way relationship USER + GROUP + ROLE
I think it would be possible to add security checks with the group, 
requiring a new set of methods on the  RoleManagement  interface that 
include a group parameter

> At least the LDAP implementation ties roles to groups in that way.
> Therefore, I can not totally discard the Jetspeed group, but I could
> attach another group to users for representing the organization. When
> setting the group to ProfileLocator, I could ignore the "Jetspeed" 
> group
> and set the other one to it instead. Then, I could use that 
> information to
> locate the profile. Do you see this as a good alternative?
Yes I think its worth looking into

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message