[jboss-user] [JBoss Portal] - Re: Securing Portal Page - please help!

PeterJ do-not-reply at jboss.com
Thu Aug 9 16:32:38 EDT 2007


I would bring up the portal, log in as admin, click on the admin link to get to the admin portal, 'home' page, and play with the security settings on the 'default' portal and its pages until I get the proper behavior.  Once I had the proper settings figured out, I might consider editing the jboss-portal.sar/conf/data/default-object.xml file to apply the security settings. Of course, changing the settings in that file might not work unless you are starting off with a clean installation, even with setting 'if-exists' to 'overwrite'.  (I am not very trusting of 'overwrite', some changes seem to go through ok, others just don't make it.) But if your are attempting to put together a custom portal to deploy, that file is the perfect place to make such changes.

As an example of limiting access to a page, I changed the access control for the 'default' portal as follows:

default portal: Unchecked has view and personalize access
pages:
* default - Unchecked has viewrecursive access
* news - Admins and Users have view access
* weather - Unchecked has viewrecursive access

When noone is logged in, only the 'default' and 'weather' pages are accessible (only those two tabs show up). If I log in as admin or user, all three pages (tabs) are visible. Thus, I have set up the news page to require login before it can be accessed.

Note that a page's tab does not show up unless the user has access. As far as I know, there is no way to have the tab show up and when the user clicks on it, to display the login prompt.

The one thing that surprised me was that I had to give Administrators view access to the news page. I recall in 2.4 that this was not necessary (though my memory could be off, it has been months since I have done an exhaustive analysis of how security works in 2.4). I seem to recall that in 2.4 the "users" role was a special roll encompassing anyone who was logged in, now it appears to be a normal role like any other.

Hope this helps.
 


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4072718#4072718

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4072718



More information about the jboss-user mailing list