5 Replies Latest reply on Jun 14, 2007 3:25 AM by Tom Baeyens

    console security

    Tom Baeyens Master

      david, what is the status on the user names ?

      can you also activate the security in the web.xml again ?

        • 1. Re: console security
          David Lloyd Master

           

          "tom.baeyens@jboss.com" wrote:
          david, what is the status on the user names ?


          It's not quite a simple search/replace. I'm working out a way to make the replacement without breaking unit tests. Should be done today.

          "tom.baeyens@jboss.com" wrote:
          can you also activate the security in the web.xml again ?


          I could, but why? I think for the initial deployment/evaluation, it's easiest for the end user to just go straight into the console. Remember that it is an administration console, not an end-user application. So there's no real benefit to requiring a login - not from an evaluation perspective, or a prototyping perspective.

          In fact it would make it harder since the users wouldn't know what to log in as unless we put the user list on the front page - something I am unwilling to do, because the user will then have to remove the list to deploy it into production.

          • 2. Re: console security
            Ronald van Kuijk Master

            me curious to... was just trying the latest console out and have some findings... not sure whether I should report them or not since I do not know if work is still on the todo list and do not want to polute the jira.

            So (O/T) things I notice are:
            - tasks can be 'ended' via a normal transition without ever being started, hence no start date in the task (related to the examine thing below)
            - the moment the comment appears is confusing.... should maybe be preceded by a popup like 'you just finished this task, do you want to add a comment to it (yes/no)
            - the 'examine' is kind of strange.. examine to me is not being able to work on it... (read only)
            - Can I start a dutch translation?

            • 3. Re: console security
              Ronald van Kuijk Master

               

              "david.lloyd@jboss.com" wrote:

              I could, but why? I think for the initial deployment/evaluation, it's easiest for the end user to just go straight into the console. Remember that it is an administration console, not an end-user application. So there's no real benefit to requiring a login - not from an evaluation perspective, or a prototyping perspective.


              I tend to disagree.... part of it is an administration console, part is simulating the process.. changing roles/users should be possible with seeing limited taskslists. Maybe the following thing sounds stupid, but if this (imo) basic functionality is not in the console, I will never get it soled to the managers here. It is then not usable for rapid prototyping and we need to develop a full webapp just to simulate the basics of a process. hmm....

              "david.lloyd@jboss.com" wrote:

              In fact it would make it harder since the users wouldn't know what to log in as unless we put the user list on the front page
              - something I am unwilling to do, because the user will then have to remove the list to deploy it into production.


              I tend to disagree to. Often we create dummy users with the role in their name and a number added to it. Easily remembered and very usable. So the issue of the list on the homepage is not a real issue.

              • 4. Re: console security
                David Lloyd Master

                 

                "kukeltje" wrote:
                me curious to... was just trying the latest console out and have some findings... not sure whether I should report them or not since I do not know if work is still on the todo list and do not want to polute the jira.

                So (O/T) things I notice are:
                - tasks can be 'ended' via a normal transition without ever being started, hence no start date in the task (related to the examine thing below)
                - the moment the comment appears is confusing.... should maybe be preceded by a popup like 'you just finished this task, do you want to add a comment to it (yes/no)
                - the 'examine' is kind of strange.. examine to me is not being able to work on it... (read only)
                - Can I start a dutch translation?


                Yes, this is an admin console so you can do pretty much anything allowed by the API, including things that are probably not a good idea. Use the security configuration in access.properties to limit access to different functions.

                The comments screen has a kind of ugly layout, but functionally I think it makes sense. Patches welcome to make it look nicer. :-) The task screens are not intended so much for people to be able to run their day-to-day tasks, but rather so that administrators can see what the status of things are, and "take things over" if needed.

                As for a dutch translation - please do! You can point out all the faults in my L10n efforts. :-)

                • 5. Re: console security
                  Tom Baeyens Master

                  for the evaluation/learning purposes, for the process participants, it is necessary that the security is turned on. how else are we able to demonstrate the task list feature ?

                  if you make sure that one user is an admin, you can always log in as that user to get all the admin features.