[jboss-user] [JBoss Portal] - problem configuring portal security
prijken
do-not-reply at jboss.com
Fri Sep 1 08:11:10 EDT 2006
I am trying to configure the security for the portal pages.
In my *-object.xml file I have:
| <?xml version="1.0" encoding="UTF-8"?>
| <deployments>
| <deployment>
| <if-exists>overwrite</if-exists>
| <parent-ref>LogicaCMG</parent-ref>
| <properties/>
| <page>
| <page-name>[01]Home</page-name>
| <properties>
| <property>
| <name>order</name>
| <value>01</value>
| </property>
| <property>
| <name>icon</name>
| <value>/images/navigation/Home.png</value>
| </property>
| </properties>
| <window>
| <window-name>Navigation</window-name>
| <instance-ref>SmartNavigationInstance</instance-ref>
| <region>navigation</region>
| <height>0</height>
| <properties>
| <property><name>theme.windowRendererId</name><value>emptyRenderer</value></property>
| <property><name>theme.decorationRendererId</name><value>emptyRenderer</value></property>
| <property><name>theme.portletRendererId</name><value>emptyRenderer</value></property>
| </properties>
| </window>
| <window>
| <window-name>[01]Welcome</window-name>
| <instance-ref>WelcomeInstance</instance-ref>
| <region>center</region>
| <height>0</height>
| </window>
| <security-constraint>
| <policy-permission>
| <role-name>User</role-name>
| <action-name>personaliserecursive</action-name>
| </policy-permission>
| </security-constraint>
| </page>
| </deployment>
| </deployments>
|
but the <securtity-constraint>...</security-constraint> does not seem to have an effect when I try to access the page.
I captured the following trace:
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/portal/LogicaCMG
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,433 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET /portal/LogicaCMG --> false
| 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
| 2006-09-01 13:57:34,434 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
| 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull
| 2006-09-01 13:57:34,434 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null
| 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.RunAsListener] PortalServletWithPathMapping, runAs: null
| 2006-09-01 13:57:34,434 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=252BF826603B10B0714B81967032E580
| 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] get logicacmg...
| 2006-09-01 13:57:34,464 DEBUG [org.jboss.portal.theme.impl.LayoutServiceImpl] found logicacmg
| 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
| 2006-09-01 13:57:34,465 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
| 2006-09-01 13:57:34,465 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
| 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null
| null
| <no principals>
| java.security.Permissions at 113230c (
| (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*)
| (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*)
| (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL)
| (javax.security.jacc.WebUserDataPermission /sec/*)
| (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*)
| (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*)
| (javax.security.jacc.WebResourcePermission /authsec/*)
| (javax.security.jacc.WebResourcePermission /sec/*)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated)
| (javax.security.jacc.WebRoleRefPermission jsp User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User)
| (javax.security.jacc.WebRoleRefPermission User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated)
| )
|
| , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive)
| 2006-09-01 13:57:34,466 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
| 2006-09-01 13:57:34,466 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.ContextPolicy] Allowed: Matched unchecked set, permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission create,personalizerecursive)
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implied=true
| 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true
| 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:result=true
| 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
| 2006-09-01 13:57:34,474 TRACE [org.jboss.portal.security.impl.jacc.JACCPortalAuthorizationManager] hasPermission:uri=LogicaCMG.[01]Home::action=portalobject::type=portalobject
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies, domain=ProtectionDomain null
| null
| <no principals>
| java.security.Permissions at 2cca38 (
| (javax.security.jacc.WebUserDataPermission /:/auth/*:/authsec/*:/sec/*)
| (javax.security.jacc.WebUserDataPermission /auth/*:/authsec/*)
| (javax.security.jacc.WebUserDataPermission /authsec/* :CONFIDENTIAL)
| (javax.security.jacc.WebUserDataPermission /sec/*)
| (javax.security.jacc.WebResourcePermission /:/auth/*:/authsec/*:/sec/*)
| (javax.security.jacc.WebResourcePermission /auth/*:/authsec/*)
| (javax.security.jacc.WebResourcePermission /authsec/*)
| (javax.security.jacc.WebResourcePermission /sec/*)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithDefaultServletMapping Authenticated)
| (javax.security.jacc.WebRoleRefPermission jsp User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping User)
| (javax.security.jacc.WebRoleRefPermission User)
| (javax.security.jacc.WebRoleRefPermission PortalServletWithPathMapping Authenticated)
| )
|
| , permission=(org.jboss.portal.core.model.portal.PortalObjectPermission portalobjectpermission personalizerecursive)
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=null
| 2006-09-01 13:57:34,474 TRACE [org.jboss.security.jacc.DelegatingPolicy] implies javax.security.auth.Subject.container: null
|
Any help with what I am doing wrong/missing is greatly appreciated.
pieter
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3968909#3968909
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3968909
More information about the jboss-user
mailing list