-
1. Re: Security constraints for portlets
franco12 Sep 25, 2006 7:48 AM (in response to mifa)
I got the same problem.
ACLs are working for 'pages' but not for 'windows'.
I'm also unable to find the link to create a user.
< I'm using JBoss Portal 2.4.0-GA (bundled with AS) on Windows > -
2. Re: Security constraints for portlets
franco12 Sep 25, 2006 8:10 AM (in response to mifa)
I'm also unable to find the link to create a user.
Sorry!
I found it :)
François -
3. Re: Security constraints for portlets
julien1 Sep 25, 2006 11:23 AM (in response to mifa)
Yes, ACL is not effective for windows. You should rather use ACL for instances.
We made that choice to keep security configuration not redundant. -
4. Re: Security constraints for portlets
mifa Sep 25, 2006 5:22 PM (in response to mifa)
What is ACL?
If I have understood correctly, all of this can be done only by editing *-objects.xml by hand.
Is it possible to do it programmatically (for example, by writing an administrative portlet)?
I.e., does JBoss Portal have the necessary API by means of which I can operate on *-objects.xml (assign security constraints for portlets) at runtime? -
5. Re: Security constraints for portlets
peterj Sep 25, 2006 6:30 PM (in response to mifa)
Did you want all four portlets on the same page or on different pages?
For different pages, set it up as follows:

Object     RoleA    RoleB    Unchecked
Page1      view     -none-   -none-
Portlet1   -none-   -none-   view
Portlet2   -none-   -none-   view
Page2      -none-   view     -none-
Portlet3   -none-   -none-   view
Portlet4   -none-   -none-   view

Or you could do:

Object     RoleA    RoleB    Unchecked
Page1      view     -none-   -none-
Portlet1   view     -none-   -none-
Portlet2   view     -none-   -none-
Page2      -none-   view     -none-
Portlet3   -none-   view     -none-
Portlet4   -none-   view     -none-

If you want all four portlets on the same page:

Object     RoleA    RoleB    Unchecked
Page1      view     -none-   -none-
Portlet1   view     -none-   -none-
Portlet2   view     -none-   -none-
Portlet3   -none-   view     -none-
Portlet4   -none-   view     -none-

And as Julien mentioned, the security on the portlets is done at the instance level, not on the window level.
Finally, in jboss-portal.sar/conf/config.xml, change the value of the core.render.window_access_denied entry to 'hide':

<entry key="core.render.window_access_denied">hide</entry>

Without this final change, in the single page scenario the users will see errors for the portlets they are not allowed to view. -
6. Re: Security constraints for portlets
peterj Sep 25, 2006 6:34 PM (in response to mifa)
Oops, saw a problem in the single page scenario -- I forgot to give view access to RoleB. Here are the corrected settings:

Object     RoleA    RoleB    Unchecked
Page1      view     view     -none-
Portlet1   view     -none-   -none-
Portlet2   view     -none-   -none-
Portlet3   -none-   view     -none-
Portlet4   -none-   view     -none-

Or you could do:

Object     RoleA    RoleB    Unchecked
Page1      -none-   -none-   view
Portlet1   view     -none-   -none-
Portlet2   view     -none-   -none-
Portlet3   -none-   view     -none-
Portlet4   -none-   view     -none-
-
7. Re: Security constraints for portlets
franco12 Sep 26, 2006 4:13 AM (in response to mifa)
Thanks a lot Peter
I'm now using ACL on instances and it works great. -
8. Re: Security constraints for portlets
mifa Sep 27, 2006 6:53 AM (in response to mifa)
I want all portlets on the same page.
I have changed jboss-portal.sar/conf/config.xml to "hide"
(hide)
I have created two roles and have assigned users to these roles.
Further, I have created a page with two portlets and have assigned a permission for each portlet. (For Portlet1 - RoleA, Portlet2 - RoleB - as shown in the images below)
http://www.mifan.info/rolea.jpg
http://www.mifan.info/roleb.jpg
Then I logged in to the portal as one of the users of RoleA. But I saw both portlets at once, instead of only the one that should be visible.
Why does it not work? What am I doing wrong? -
9. Re: Security constraints for portlets
peterj Sep 27, 2006 11:01 AM (in response to mifa)
What is the security configuration for the two portlet instances? You never said that you set those.
-
10. Re: Security constraints for portlets
mifa Sep 27, 2006 11:47 AM (in response to mifa)
> What is the security configuration for the two portlet instances? You never said that you set those.
What do you mean? Do you mean the security configuration in *-objects.xml?
I would just like to assign permissions for an instance on the fly in the administrative portlet.
I have created two instances of "News Portlet" and have named them "Portlet1" and "Portlet2". Further, I have created a page with two portlets and have assigned a permission for each portlet. (For Portlet1 - RoleA, Portlet2 - RoleB - as shown in the images below)

Object     RoleA    RoleB    Unchecked
Page1      view     view     -none-
Portlet1   view     -none-   -none-
Portlet2   -none-   view     -none-

Look at the images:
http://www.mifan.info/rolea.jpg
http://www.mifan.info/roleb.jpg
Or do I not understand something? -
11. Re: Security constraints for portlets
peterj Sep 27, 2006 12:31 PM (in response to mifa)
I did look at the screen shots, which show the security being set for the page. But you never set security for the portlet instances. To do this, in the Management Portlet, click on the Instances link at the top of the window. That will list all of the portlet instances. Scroll or page through the list until you come to the portlets that you want to restrict. Then click on the portlet instance name (not the portlet name!), and then click on the Security link on the right-hand side. This will show you roles but with only one access right for each role: view. Set those as indicated in your post.
-
12. Re: Security constraints for portlets
mifa Sep 27, 2006 1:49 PM (in response to mifa)
Did I not assign permissions for the portlet instances?
I thought that when I placed an instance of a portlet on the page directly, chose the instance with the mouse, pressed the "security" link, and then assigned the permission, that was enough.
I have done as you wrote and have assigned security properties for each instance, but the portlets are still visible for all roles. Any ideas what is wrong?
For me, the security property for the Unchecked role was automatically set as visible, and I could not unmark it.
How is it possible to assign "-none-" for a role?
Screenshots:
http://www.mifan.info/i1.jpg
http://www.mifan.info/i2.jpg -
13. Re: Security constraints for portlets
peterj Sep 27, 2006 2:11 PM (in response to mifa)
You granted the 'unchecked' role the 'view' access. Remove that access (hold down the CTRL key while clicking 'view' to remove it).
-
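An added example, not part of the original thread and not JBoss Portal code: a simplified Python model of the ACL tables discussed above. It assumes a portlet is shown only when the user has view on both the page and the portlet instance, and that a grant to Unchecked applies to every user. The function names and sample data are constructed for illustration; the audit function flags instances where an Unchecked view grant cancels out the role-specific restriction.

```python
# Simplified model of the thread's ACL tables -- an assumption, not JBoss Portal code.
UNCHECKED = "Unchecked"  # grants on this pseudo-role apply to every user

def allowed(acl, obj, roles, action="view"):
    """True if any of the user's roles, or Unchecked, holds `action` on obj."""
    grants = acl.get(obj, {})
    return any(action in grants.get(r, ()) for r in set(roles) | {UNCHECKED})

def visible_portlets(acl, layout, roles):
    """Instances the user sees: view on the page AND view on the instance."""
    return sorted(
        inst
        for page, instances in layout.items() if allowed(acl, page, roles)
        for inst in instances if allowed(acl, inst, roles)
    )

def unchecked_overrides(acl, layout):
    """Instances whose role-specific view grants are made moot by Unchecked view."""
    flagged = []
    for instances in layout.values():
        for inst in instances:
            grants = acl.get(inst, {})
            by_role = [r for r, a in grants.items() if r != UNCHECKED and "view" in a]
            if by_role and "view" in grants.get(UNCHECKED, ()):
                flagged.append(inst)
    return sorted(flagged)

# Constructed sample data mirroring the single-page scenario in the thread.
LAYOUT = {"Page1": ["Portlet1", "Portlet2"]}
CORRECT = {
    "Page1": {"RoleA": {"view"}, "RoleB": {"view"}},
    "Portlet1": {"RoleA": {"view"}},
    "Portlet2": {"RoleB": {"view"}},
}
# Same roles, but each instance still carries a view grant for Unchecked.
MISCONFIGURED = {
    "Page1": {"RoleA": {"view"}, "RoleB": {"view"}},
    "Portlet1": {"RoleA": {"view"}, UNCHECKED: {"view"}},
    "Portlet2": {"RoleB": {"view"}, UNCHECKED: {"view"}},
}

if __name__ == "__main__":
    for name, acl in (("correct", CORRECT), ("misconfigured", MISCONFIGURED)):
        print(name, "RoleA sees", visible_portlets(acl, LAYOUT, ["RoleA"]),
              "| flagged:", unchecked_overrides(acl, LAYOUT))
```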
14. Re: Security constraints for portlets
mifa Sep 27, 2006 2:36 PM (in response to mifa)
It worked out! Thank you, Peter! :)
One more question. When I log in as the user I can edit the properties of the portlet, but I granted the role "view" and not "personalize". In my case it is the properties of the "news portlet", where I set a new source-url.
I would like the roles to be able to see, but not edit, the properties of the portlet.