problem configuring portal security
prijken Sep 1, 2006 8:11 AMI am trying to configure the security for the portal pages.
In my *-object.xml file I have:
<?xml version="1.0" encoding="UTF-8"?> <deployments> <deployment> <if-exists>overwrite</if-exists> <parent-ref>LogicaCMG</parent-ref> <properties/> <page> <page-name>[01]Home</page-name> <properties> <property> <name>order</name> <value>01</value> </property> <property> <name>icon</name> <value>/images/navigation/Home.png</value> </property> </properties> <window> <window-name>Navigation</window-name> <instance-ref>SmartNavigationInstance</instance-ref> <region>navigation</region> <height>0</height> <properties> <property><name>theme.windowRendererId</name><value>emptyRenderer</value></property> <property><name>theme.decorationRendererId</name><value>emptyRenderer</value></property> <property><name>theme.portletRendererId</name><value>emptyRenderer</value></property> </properties> </window> <window> <window-name>[01]Welcome</window-name> <instance-ref>WelcomeInstance</instance-ref> <region>center</region> <height>0</height> </window> <security-constraint> <policy-permission> <role-name>User</role-name> <action-name>personaliserecursive</action-name> </policy-permission> </security-constraint> </page> </deployment> </deployments>
but the <securtity-constraint>...</security-constraint> does not seem to have an effect when I try to access the page.
I captured the following trace:
2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/portal/LogicaCMG 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull 2006-09-01 13:57:34,434 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=252BF826603B10B0714B81967032E580 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] get logicacmg... 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] found logicacmg 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject 2006-09-01 13:57:34,465 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null null <no principals> java.security.Permissions@113230c ( (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*) (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*) (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL) (javax.security.jacc.WebUserDataPermission /sec/*) (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*) (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*) (javax.security.jacc.WebResourcePermission /authsec/*) (javax.security.jacc.WebResourcePermission /sec/*) (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User) (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated) (javax.security.jacc.WebRoleRefPermission jsp User) (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User) (javax.security.jacc.WebRoleRefPermission User) (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated) ) , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive) 2006-09-01 13:57:34,466 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.ContextPolicy] Allowed: Matched unchecked set, permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive) 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implied=true 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null null <no principals> java.security.Permissions@2cca38 ( (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*) (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*) (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL) (javax.security.jacc.WebUserDataPermission /sec/*) (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*) (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*) (javax.security.jacc.WebResourcePermission /authsec/*) (javax.security.jacc.WebResourcePermission /sec/*) (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User) (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated) (javax.security.jacc.WebRoleRefPermission jsp User) (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User) (javax.security.jacc.WebRoleRefPermission User) (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated) ) , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission personalizerecursive) 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null
Any help with what I am doing wrong/missing is greatly appreciated.
pieter