Jetspeed Security Concepts

The Jetspeed Security services are defined at the Jetspeed web site: here. It is recommended that you review the concepts there before getting started. The purpose of portal security is to authenticate users of the portal, and to authorize access by those users to portal resources. All security in Jetspeed is defined through pluggable services. Jetspeed provides a default security policy and services. The default security service has a user database along with a security constraint registry. First lets review the security database and the object model.

Jetspeed Security Options:

JetspeedUser Defines the minimal attributes of a user in the portal system.
Role Defines the minimal attributes of a role in the portal system.
Group Defines the minimal attributes of a group in the portal system.
Permission Defines the minimal attributes of a permission in the portal system.

The default Jetspeed deployment comes with a populated sample database of users, roles, groups and permissions. This database is conveniently distributed with the webapp to simplify the first time experience. The database is Hypersonic SQL. For production systems, it is recommended to switch to a more robust database.

The default Security service uses Apache Torque to manage object-relational mapping of objects to and from relational tables. This default service can be configured to work with your own database. Also see the LDAP Security service.