Security Constraints Administration Guide

Security constraints restrict access to resources in the portal. Portal resources (folders, links, pages, portlets) can be secured with either:

  • Security Constraints (based on Jetspeed-specific security constraints)
  • Security Permissions (based on a Java Security Policy)
The default security is Constraints as they are easier to configure by a portal administrator. The advantage of Permissions is that they are stored in a central repository in the Jetspeed database, and they adhere to the Java Security Standard Both constraints and permissions inherit. Meaning that if you set a permission or constraint on a folder, it is inherited by all subfolders and pages

A constraint grants a permission to a security principal, either:

  • a role
  • a group
  • a user
  • or * for all users
A constraint defines the action, which can be standard portlet modes:
  • view
  • edit
  • help
Or Jetspeed extended portlet modes:
  • edit_defaults
  • about
  • config
  • print

Constraint Management

TODO: describe UI, screen shots

Security References

A security definition is referenced by portal resources to secure that particular resource. The following resources can be secured:

  • Folder: in the folder metadata
  • Page: in a PSML file
  • Link: in a .link file
  • Portlet Window: one instance of a portlet on a page
  • Portlet Definition: all instances of a portlet on all pages
  • Portlet Application: all portlets in a portlet application
Securing a resource is as simple as referencing the definition. You can do this from several areas of the portal:
  • 1. The Site Manager to secure a folder, page or link
  • 2. Portlet Application Manager, to secure a Portlet Application or Portlet Definition
  • 3. Config Mode, if available for a portlet, you can secure a portlet instance
Additionally, portlets can be secured in the deployment descriptors. See the deployment guide for more details.