1 of 1 people found this helpful
There is special component "RolesExtractor" for mapping portal groups into security groups. Default implementation of this component is class org.exoplatform.services.security.impl.DefaultRolesExtractorImpl
and most important part is in method "extractRoles" in this piece of code:
for (MembershipEntry membership : memberships)
String splittedGroupName = StringUtils.split(membership.getGroup(), "/");
if (userRoleParentGroup != null && splittedGroupName.equals(userRoleParentGroup)
&& splittedGroupName.length > 1)
roles.add(splittedGroupName[splittedGroupName.length - 1]);
Variable "userRoleParentGroup" is read from configuration and default value is "platform" . So from all subgroups of "platform" the last one will be used as security group and the first will be used for rest.
For example: your user is in portal groups "/platform/users" , "/platform/administrators" , "/platform/users/employees" , "/partners" . Then after process RolesExtractor algorithm , your user will be in j2ee security groups: "users", "administrators", "employees", "partners" .
Actually role "users" is needed if you don't want to have "403 Forbidden" error when you are trying private URL (this is defined as standard web authentication in $JBOSS_HOME/server/default/deploy/gatein.ear/02portal.war/WEB-INF/web.xml .
Hope this helps,
thx very much I will try something.
Now I have portal groups mapped from LDAP via picketlink in readOnly mode
my groups from LDAP
I need login only users from LDAP
I override extractRoles function so that users in group3 have security roles: group2,group3, for users from group4 to sec. roles: group2,group4
this is OK, this is what I want, but
Now I need show UIToolbarContainer only for users in role group2 (include group3 anf group4 ) (default is for /platform/users), how can I do that?
In sharedlayout.xml I put:
but is not working
when I put:
toolbar is showed but only for users in role group3
but on toolbar is only site and group links and missing items (application registry, organization, ect, I need it). When I click on group link I get only: You dont have permission, in attached picture
gtn.GIF 5.9 KB
Interesting, I think that these access permissions should work in sharedlayout.xml . Maybe you can try to delete database and check again (If you are using HSQLDB, then you need only delete directory $JBOSS_HOME/server/default/data to delete database).
Another approach can be to tweak user roles according to your needs. For example, there is login module class CustomMembershipLoginModule, which can be added to login modules chain. This login module can be used to add all users into predefined group (for example into /platform/users) after successful login of user. More info is here https://issues.jboss.org/browse/GTNPORTAL-1347 .
So you can use this login module if you want to add all users. If you want to add only some users to /platform/users (For example only users from your group2 or subgroups) you can try to create your own login module implementation according to your needs and you can use CustomMembershipLoginModule for inspiration.
Hope this helps,
Thx for reply,
but I dont want to use platform group and other gatein portal's groups. I want use only mapped groups from LDAP
Top toolbar is showed only for users in role:role_portal-admin (set in sharedlayout.xml)
But on toolbar missing links to:
1, Administrator’s pages, Executive Board Pages, Users pages
2, Site editor – Add new page, Edit page, Edit Layout.
How can I set it?
1 of 1 people found this helpful
Ad 1 - Each group has it's navigation and so you can create navigation for your groups. Administrator's pages are visible only for members of group /platform/administrators and Executive board's pages for members of /organization/magement/executiveboard and user's pages for members of the grou /platform/users. It seems that your users are not in these groups and they are in custom groups like /group1/group2 etc. So you will need to create navigation for these groups and you can add pages according to your needs. You can do it easily through UI ( http://localhost:8080/portal/private/classic/groupnavigation ).
You will probably need to tweak permissions of pages as well. For example appliationRegistry page or PageManagement page are visible only for /platform/administrators by default. This is also doable from UI, you can login as root user and change permissions of pages on PageManagement page.
Ad 2 - Site editor - You can't see it due to the code in class org.exoplatform.toolbar.webui.component.UIAdminToolbarPortlet :
if (hasEditPermissionOnNavigation() || hasEditPermissionOnPage() || hasEditPermissionOnPortal())
So if your user does not have permission to edit page or edit portal, the AdminToolbar link is not shown . So you will need again to change permission of pages and change permission of portal. This is initially doable by root user. When users from your group /group1/group2 will have permission to edit poarticular portal or page, the links will be shown on toolbar.
Now, Site editor - Add new page, edit layout, edit page
But not show links from section Group. Where Can I setup it?
Did you try to create Group navigations for your custom groups ( /group1/group2 etc. ) ? You can do it for example through UI by these steps:
- Login as root
- Click to "Add navigation" and select your group.
- Add navigation nodes to your navigation. These nodes can point to pages with administration portlets (like Application registry, Page management, Organization management, ... ) or you can create your own pages and add administration portlets to these pages.
After logout and login of user from group /group1/group2 you should be able to see group navigation for your group.
Thx, but I can not use UI. I have to use configuration files.
So you can add your groups into server/default/deploy/gatein.ear/02portal.war/WEB-INF/conf/portal/portal-cofniguration.xml (Parameter group.configuration ) and create pages.xml and navigations.xml for your groups inside directory structure in server/default/deploy/gatein.ear/02portal.war/WEB-INF/conf/portal/group .
You can use existing group navigation configuration for inspiration and some documentation is here http://docs.jboss.com/gatein/portal/3.1.0-FINAL/reference-guide/en-US/html/chap-Reference_Guide-Development.html#sect-Reference_Guide-Portal_Navigation_Configuration-Group_Navigation .
Don't forget to delete your DB and restart portal after doing some changes in configuration files if you want to see them.
Hope this helps,