2 Replies Latest reply on Sep 1, 2006 6:41 PM by Pieter Rijken

    problem configuring portal security

    Pieter Rijken Newbie

      I am trying to configure the security for the portal pages.
      In my *-object.xml file I have:

      <?xml version="1.0" encoding="UTF-8"?>
      <deployments>
       <deployment>
       <if-exists>overwrite</if-exists>
       <parent-ref>LogicaCMG</parent-ref>
       <properties/>
       <page>
       <page-name>[01]Home</page-name>
       <properties>
       <property>
       <name>order</name>
       <value>01</value>
       </property>
       <property>
       <name>icon</name>
       <value>/images/navigation/Home.png</value>
       </property>
       </properties>
       <window>
       <window-name>Navigation</window-name>
       <instance-ref>SmartNavigationInstance</instance-ref>
       <region>navigation</region>
       <height>0</height>
       <properties>
       <property><name>theme.windowRendererId</name><value>emptyRenderer</value></property>
       <property><name>theme.decorationRendererId</name><value>emptyRenderer</value></property>
       <property><name>theme.portletRendererId</name><value>emptyRenderer</value></property>
       </properties>
       </window>
       <window>
       <window-name>[01]Welcome</window-name>
       <instance-ref>WelcomeInstance</instance-ref>
       <region>center</region>
       <height>0</height>
       </window>
       <security-constraint>
       <policy-permission>
       <role-name>User</role-name>
       <action-name>personaliserecursive</action-name>
       </policy-permission>
       </security-constraint>
       </page>
       </deployment>
      </deployments>
      


      but the <securtity-constraint>...</security-constraint> does not seem to have an effect when I try to access the page.
      I captured the following trace:
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/portal/LogicaCMG
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
      2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
      2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
      2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull
      2006-09-01 13:57:34,434 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
      2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null
      2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null
      2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=252BF826603B10B0714B81967032E580
      2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] get logicacmg...
      2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] found logicacmg
      2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
      2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
      2006-09-01 13:57:34,465 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
      2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null
       null
       <no principals>
       java.security.Permissions@113230c (
       (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*)
       (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*)
       (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL)
       (javax.security.jacc.WebUserDataPermission /sec/*)
       (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*)
       (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*)
       (javax.security.jacc.WebResourcePermission /authsec/*)
       (javax.security.jacc.WebResourcePermission /sec/*)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated)
       (javax.security.jacc.WebRoleRefPermission jsp User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User)
       (javax.security.jacc.WebRoleRefPermission User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated)
      )
      
      , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive)
      2006-09-01 13:57:34,466 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
      2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.ContextPolicy] Allowed: Matched unchecked set, permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive)
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implied=true
      2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true
      2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true
      2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
      2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null
       null
       <no principals>
       java.security.Permissions@2cca38 (
       (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*)
       (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*)
       (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL)
       (javax.security.jacc.WebUserDataPermission /sec/*)
       (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*)
       (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*)
       (javax.security.jacc.WebResourcePermission /authsec/*)
       (javax.security.jacc.WebResourcePermission /sec/*)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated)
       (javax.security.jacc.WebRoleRefPermission jsp User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User)
       (javax.security.jacc.WebRoleRefPermission User)
       (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated)
      )
      
      , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission personalizerecursive)
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
      2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null
      


      Any help with what I am doing wrong/missing is greatly appreciated.

      pieter