Security Constraints Administration Guide
Security constraints restrict access to resources in the portal. Portal resources (folders, links, pages, portlets) can be secured with either:
- Security Constraints (based on Jetspeed-specific security constraints)
- Security Permissions (based on a Java Security Policy)
The default security is Constraints as they are easier to configure by a portal administrator. The advantage of Permissions is that they
are stored in a central repository in the Jetspeed database, and they adhere to the Java Security Standard Both constraints and permissions inherit. Meaning that if you set a
permission or constraint on a folder, it is inherited by all subfolders and pages
A constraint grants a permission to a security principal, either:
- a role
- a group
- a user
- or * for all users
A constraint defines the action, which can be standard portlet modes:
Or Jetspeed extended portlet modes:
- edit_defaults
- about
- config
- print
Constraint Management
TODO: describe UI, screen shots
Security References
A security definition is referenced by portal resources to secure that particular resource. The following resources can be secured:
- Folder: in the folder metadata
- Page: in a PSML file
- Link: in a .link file
- Portlet Window: one instance of a portlet on a page
- Portlet Definition: all instances of a portlet on all pages
- Portlet Application: all portlets in a portlet application
Securing a resource is as simple as referencing the definition. You can do this from several areas of the portal:
- 1. The Site Manager to secure a folder, page or link
- 2. Portlet Application Manager, to secure a Portlet Application or Portlet Definition
- 3. Config Mode, if available for a portlet, you can secure a portlet instance
Additionally, portlets can be secured in the deployment descriptors. See the
deployment guide for more details.
