shins****@users*****
Sat, 11 Mar 2006 03:53:07 JST
Update of /cvsroot/jetspeed-japan/jetspeed-2-trans/ja/xdocs/guides
In directory sf-cvs:/tmp/cvs-serv12454/ja/xdocs/guides

Modified Files:
guide-security-declarative-psml.xml

Log Message:
submitted by KATOH Yasufumi

jetspeed-2-trans/ja/xdocs/guides/guide-security-declarative-psml.xml 1.1.1.1 -> 1.2 (modified)
http://cvs.sourceforge.jp/cgi-bin/viewcvs.cgi/jetspeed-japan/jetspeed-2-trans/ja/xdocs/guides/guide-security-declarative-psml.xml.diff?r1=1.1.1.1&r2=1.2

===================================================================
RCS file: jetspeed-2-trans/ja/xdocs/guides/guide-security-declarative-psml.xml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- guide-security-declarative-psml.xml 2005/12/16 03:43:36 1.1.1.1
+++ guide-security-declarative-psml.xml 2006/03/10 18:53:07 1.2
@@ -1,345 +1,651 @@ -<?xml version="1.0"?> -<!-- -Copyright 2004-2005 The Apache Software Foundation - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. ---> -<document> - <properties> - <title>Guide to Declarative Security through PSML</title> - <subtitle>Guide to Declarative Security through PSML</subtitle> - <authors> - <person name="David Sean Taylor" email="taylo****@apach*****"/> - <person name="Randy Watler" email="rwatl****@apach*****"/> - </authors> - </properties> - <body> -<section name="Security Constraints"> -<p> -<ul> - <li><a href="#The Security Constraint">Security Constraint</a></li> - <li><a href="#Declarative and Global Constraints">Declarative and Global Constraints</a></li> - <li><a href="#Folder Constraints">Folder Constraints</a></li> - <li><a href="#Page Constraints">Page Constraints</a></li> - <li><a href="#Fragment Constraints">Fragment Constraints</a></li> - <li><a href="#Spring Configuration">Spring Configuration</a></li> -</ul> -</p> -<p> -Security Constraints are applied to pages and folders. Security Constraints either grant or deny -access to pages and folders. Constraints can be defined in one or all of these four places: -<ul> - <li>1. <b>Global:</b> As declarations in the <b><i>page.security</i></b> file found in the root of the PSML tree.</li> - <li>2. <b>Folder:</b> In the <b><i>folder.metadata</i></b> file optionally located in every directory.</li> - <li>3. <b>Page:</b> In PSML files to constrain access to specific pages.</li> - <li>4. 
<b>Fragment:</b> In page PSML files to constrain access to a specific fragment within a page.</li> -</ul> -</p> -<subsection name='Grants'> -<p> -Grants are associated with permissions, authorizing, or granting, a principal list -access to a page or folder. -A granting security constraint is the association of a list of one -or more security principals combined with one or permissions. Grant constraints grant access to a page or folder -for the associated list of permissions. -</p> -</subsection> -<subsection name='Denies'> -<p> -A deny security constraint is declared -with one or more security principals; with no associated permissions. Deny constraints prohibit access -to the page or folder for the given list of principals. Note that deny constraints -must be listed before grant constraints. -</p> -</subsection> -<subsection name='Declarative and Referential Constraints'> -<p> -When working with pages and folder resource constraints, a constraint can be either -a <b><i>declarative constraint</i></b> or a <b><i>referential</i></b> constraint. -Declarative constraints are declared and put to use right in place for the particular -page or folder resource. Where as referential constraints refer to a constraint declared -in a centralized security constraint resource: the <b><i>page.security</i></b> file. Each -site or subsite can have one <b><i>page.security</i></b> resource for declaring constraints -to be referenced in any page or folder. -</p> -</subsection> -</section> -<section name='The Security Constraint'> -<p> -A security constraint is an XML element found in a PSML file, a folder metadata file, or inthe global security declarations. -A security constraint has one attribute: the name. 
A security constraint has the following elements: -</p> -<ul> - <li>roles - a comma-separated list of one or more role principals or * for all roles</li> - <li>groups - a comma-separated list of one or more group principals or * for all groups</li> - <li>users - a comma-separated list of one or more user principals or * for all users</li> - <li>owner - a single user principal</li> - <li>permissions - a comma-separated list of one or permissions (view,edit,help)</li> -</ul> -<p> -The first four elements (roles, groups, users, owner) all define the principals who will either have a permission granted or denied. -</p> -<subsection name='Permissions'> -<p> -Permissions are the portal modes that are granted by the security constraint. Note that permissions are only granted, not denied. -The <b><i>view</i></b> permission is similiar to the <b><i>read</i></b> permission found in operating systems. -The <b><i>edit</i></b> permission is similiar to the <b><i>write</i></b> permission found in operating systems. -The <b><i>help</i></b> permission is similiar to the <b><i>info</i></b> permission found in some portals. -</p> -</subsection> - -<subsection name='Roles'> -<p> -Constraints can be granted to one or more role principals for a set of permissions on a given resource. -Roles are derived from the authorized users list of role principals, i.e. the roles that the user is a member of. -If the authorized user is a member of any of the listed roles, the permission to the resource will be granted. -</p> -<source><![CDATA[ - <security-constraint> - <roles>adminstrator, manager</roles> - <permissions>view, edit</permissions> - </security-constraint> -]]></source> -Constraints can also deny role principals access to the entire resource. -If the authorized user is a member of any of the listed roles, all access to the resource is denied. 
-<source><![CDATA[ - <security-constraint> - <roles>adminstrator, manager</roles> - </security-constraint> -]]></source> -</subsection> -<subsection name='Groups'> - <p> -Constraints can be granted to one or more group principals for a set of permissions on a given resource. -Groups are derived from the authorized users list of group principals, i.e. the groups that the user is a member of. -If the authorized user is a member of any of the listed groups, the permission to the resource will be granted. -<source><![CDATA[ - <security-constraint> - <groups>accounting, development</groups> - <permissions>view</permissions> - </security-constraint> -]]></source> -Constraints can also deny group principals access to the entire resource. -If the authorized user is a member of any of the listed groups, all access to the resource is denied. -<source><![CDATA[ - <security-constraint> - <groups>accounting, development</groups> - </security-constraint> -]]></source> -</p> -</subsection> -<subsection name='Users'> - <p> -Constraints can be granted to one or more user principals for a set of permissions on a given resource: -The current user must be one of the listed principals in the comma-separated list in order to grant permission to the resource. -<source><![CDATA[ - <security-constraint> - <users>joey, deedee, johnny</users> - <permissions>view, edit, help</permissions> - </security-constraint> -]]></source> -Constraints can also deny user principals access to the entire resource. -If the authorized user is in the list, all access to the resource is denied. -<source><![CDATA[ - <security-constraint> - <users>fred</users> - </security-constraint> -]]></source> -</p> -</subsection> -<subsection name='Combinations'> -<p> -Note that you can grant or deny permissions to a collection of one or more principal types. 
For example, here we grant view and edit permissions -to the roles (manager, developer), and to the groups (QA and Research), and to the particular user (dilbert): -If the authorized user is a member of any of the listed roles, groups, or users, the permission to the resource will be granted. -</p> -<source><![CDATA[ - <security-constraint> - <roles>hacker, coder, guru</roles> - <groups>unix, linux, freebsd</groups> - <users>betty, fred, barney, wilma</users> - <permissions>view, edit</permissions> - </security-constraint> -]]></source> -<p> -Constraints can also deny combinations of principals access to the entire resource. -If the authorized user is a member of any of the listed groups, roles or users, all access to the resource is denied. -</p> -<source><![CDATA[ - <security-constraint> - <roles>hacker, coder, guru</roles> - <groups>unix, linux, freebsd</groups> - <users>betty, fred, barney, wilma</users> - </security-constraint> -]]></source> -</subsection> -<subsection name='All *'> -<p> -The * can be applied to roles, groups, users or permissions to imply ALL. -<source><![CDATA[ - <security-constraint> - <users>*</users> - <permissions>*</permissions> - </security-constraint> -]]></source> -</p> -</subsection> -<subsection name='Owner'> - <p> - TODO - </p> -</subsection> -</section> -<section name='Declarative and Global Constraints'> -<p> -Declarative constraints are declared in the <b><i>page.security</i></b> file of the root of a site. -Declarative constraints are referenced in pages and folders with the <b><i>security-constraints-ref</i></b> tag. -Global constraints are also declarative constraints. They are also defined and found in the <b><i>page.security</i></b> file in the root PSML repository. -The difference with global constraints is that they implicitly apply to all folders and pages within the scope of the page.security file, (i.e. the site). -Note that there can be only one <b><i>page.security</i></b> file in a Jetspeed installation. 
-</p> -<source><![CDATA[ - <security-constraints-def name="admin"> - <security-constraint> - <roles>admin</roles> - <permissions>view, edit</permissions> - </security-constraint> - </security-constraints-def> - <global-security-constraints-ref>admin</global-security-constraints-ref> -]]></source> -<subsection name='Default Constraints'> -<p> - Several security constraint declarations are made in the default deployment of Jetspeed: -<table> - <tr> - <th>name</th> - <th>grants</th> - <th>permissions</th> - <th>global</th> - </tr> - <tr> - <td>admin</td> - <td>roles: admin</td> - <td>view, edit</td> - <td>yes</td> - </tr> - <tr> - <td>manager</td> - <td>roles: manager</td> - <td>view</td> - <td>no</td> - </tr> - <tr> - <td>users</td> - <td>roles: user, manager</td> - <td>view</td> - <td>no</td> - </tr> - <tr> - <td>public-view</td> - <td>users: *</td> - <td>view</td> - <td>no</td> - </tr> - <tr> - <td>public-edit</td> - <td>users: *</td> - <td>view, edit</td> - <td>no</td> - </tr> -</table> -</p> -</subsection> -</section> -<section name='Folder Constraints'> -<p> -Folder Security constraints are placed in a <b><il>security-constraints list</il></b> in the <b><i>folder.metadata</i></b> file optionally found in each folder in the site. -Note that the absence of a <b><i>folder.metadata</i></b> or security constraints within that file means that the folder will -inherit the constraints of the parent folder, all the way up to the root folder of the site or subsite. Folder constraints do -not inherit across subsites. Folder security constraints are made up of declarative security constraints and referential security -constraints. 
Here is an example of both, the first being a referential constraint, the second a declarative constraint: -<source><![CDATA[ - <security-constraints> - <security-constraints-ref>public-view</security-constraints-ref> - <security-constraint> - <groups>engineering</groups> - <permissions>view</permissions> - </security-constraint> - </security-constraints> -]]></source> -</p> -<p> -Note that all security constraints must be placed within a <b><i>security-constraints</i></b> collection. -</p> -</section> -<section name='Page Constraints'> -<p> -Page Security constraints are placed <b><il>security-constraints list</il></b> -in <b><i>PSML</i></b> files and are optional. -Note that the absence of a security constraints list within that file means that the folder will -inherit the constraints of the folder in which it resides. Page security constraints are made up of -declarative security constraints and referential security -constraints. Here is an example of both, the first being a referential constraint, the second a declarative constraint: -</p> -<source><![CDATA[ - <security-constraints> - <security-constraints-ref>global-view</security-constraints-ref> - <security-constraint> - <groups>accounting</groups> - <permissions>view, edit</permissions> - </security-constraint> - </security-constraints> -]]></source> -<p> -Note that all security constraints must be placed within a <b><i>security-constraints</i></b> collection. -</p> -</section> -<section name='Fragment Constraints'> -<p> -As with Page Security constraints, Fragment Security constraints are placed within -<b><il>security-constraints list</il></b> in <b><i>PSML</i></b> page files and are -again optional. As expected, the absence of a security constraints list implies the -fragment will inherit the constraints of the page of which it is a part. Note that -only the view permission is checked against these constraints. Other permissions -are tested only against the containing page. 
-</p> -</section> -<section name="Spring Configuration"> -<p> -Declarative Security Constraints are enabled by default in the Spring configuration of the -Page Manager component. Here is the default Page Manager bean configuration from the -<b><i>page-manager.xml</i></b> spring assembly configuration file: -</p> -<source><![CDATA[ - <bean id="org.apache.jetspeed.page.PageManager" - name="pageManager" - class="org.apache.jetspeed.page.psml.CastorXmlPageManager"> - <constructor-arg index="0"><ref bean="IdGenerator"/></constructor-arg> - <constructor-arg index="1"><ref bean="DocumentHandlerFactory"/></constructor-arg> - <constructor-arg index="2"><ref bean="FolderHandler"/></constructor-arg> - <constructor-arg index="3"><ref bean="PageFileCache"/></constructor-arg> - <!-- permissions security enabled flag, default=false --> - <constructor-arg index="4"><value>false</value></constructor-arg> - <!-- constraints security enabled flag, default=true --> - <constructor-arg index="5"><value>true</value></constructor-arg> - </bean> -]]></source> -<p> -Here the 6th, (index="5"), boolean constructor argument specifies whether or -not the "constraints security" model is enabled. If the Declarative Security Constraints -are not enabled, all inline, referenced, and global security constraints will be ignored. -</p> -</section> - -</body> -</document> +<?xml version="1.0"?> +<!-- +Copyright 2004-2005 The Apache Software Foundation + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. 
+--> +<document> + <properties> + <title>Guide to Declarative Security through PSML</title> + <subtitle>Guide to Declarative Security through PSML</subtitle> + <authors> + <person name="David Sean Taylor" email="taylo****@apach*****"/> + <person name="Randy Watler" email="rwatl****@apach*****"/> + </authors> + <translators> + <person name="$B2CF#BYJ8(B" email="karma****@prog*****" /> + </translators> + </properties> + <body> +<section name="[Security Constraints] $B%;%-%e%j%F%#@)Ls(B"> +<div class="original"> +<p> +<ul> + <li><a href="#The Security Constraint">Security Constraint</a></li> + <li><a href="#Declarative and Global Constraints">Declarative and Global Constraints</a></li> + <li><a href="#Folder Constraints">Folder Constraints</a></li> + <li><a href="#Page Constraints">Page Constraints</a></li> + <li><a href="#Fragment Constraints">Fragment Constraints</a></li> + <li><a href="#Spring Configuration">Spring Configuration</a></li> +</ul> +</p> +</div> +<p> +<ul> + <li><a href="#The Security Constraint">$B%;%-%e%j%F%#@)Ls(B</a></li> + <li><a href="#Declarative and Global Constraints">$B @ k8@7?$N@)Ls$H%0%m!<%P%k$N@)Ls(B</a></li> + <li><a href="#Folder Constraints">$B%U%)%k%@$N@)Ls(B</a></li> + <li><a href="#Page Constraints">$B%Z!<%8$N@)Ls(B</a></li> + <li><a href="#Fragment Constraints">$B%U%i%0%a%s%H$N@)Ls(B</a></li> + <li><a href="#Spring Configuration">Spring $B$N @ _Dj(B</a></li> +</ul> +</p> +<div class="original"> +<p> +Security Constraints are applied to pages and folders. Security Constraints either grant or deny +access to pages and folders. Constraints can be defined in one or all of these four places: +<ul> + <li>1. <b>Global:</b> As declarations in the <b><i>page.security</i></b> file found in the root of the PSML tree.</li> + <li>2. <b>Folder:</b> In the <b><i>folder.metadata</i></b> file optionally located in every directory.</li> + <li>3. <b>Page:</b> In PSML files to constrain access to specific pages.</li> + <li>4. 
<b>Fragment:</b> In page PSML files to constrain access to a specific fragment within a page.</li> +</ul> +</p> +</div> +<p> +$B%;%-%e%j%F%#@)Ls$O!"%Z!<%8$H%U%)%k%@$KE,MQ$5$l$^$9!#%;%-%e%j%F%#@)Ls$O!"%Z!<%8$H%U%)%k%@$KBP$9$k%"%/%;%9$r5v2D$7$?$j5qH]$7$?$j$7$^$9!#@)Ls$O!"0J2<$N(B 4 $B$D$N>l=j$N0l$D$^$?$OA4$F$GDj5A$5$l$^$9!#(B +<ul> + <li>1. <b>$B%0%m!<%P%k(B:</b> PSML $B%D%j!<$N%k!<%H$KB8:_$9$k(B <b><i>page.security</i></b> $B%U%!%$%kFb$N @ k8@$H$7$F!#(B</li> + <li>2. <b>$B%U%)%k%@(B:</b> $B3F%G%#%l%/%H%j$K%*%W%7%g%J%k$KB8:_$9$k(B <b><i>folder.metadata</i></b> $B%U%!%$%kFb$G!#(B</li> + <li>3. <b>$B%Z!<%8(B:</b> $BFCDj$N%Z!<%8$X$N%"%/%;%9$r@)8B$9$k$?$a$K(B PSML $B%U%!%$%kFb$G!#(B</li> + <li>4. <b>$B%U%i%0%a%s%H(B:</b> $B%Z!<%8Fb$NFCDj$N%U%i%0%a%s%H$KBP$9$k%"%/%;%9$r@)8B$9$k$?$a$K(B PSML $B%U%!%$%k$NCf$G!#(B</li> +</ul> +</p> +<subsection name='[Grants] $B5v2D(B'> +<div class="original"> +<p> +Grants are associated with permissions, authorizing, or granting, a principal list +access to a page or folder. +A granting security constraint is the association of a list of one +or more security principals combined with one or permissions. Grant constraints grant access to a page or folder +for the associated list of permissions. +</p> +</div> +<p> +$B5v2D$O!"%Z!<%8$^$?$O%U%)%k%@$KBP$9$k%"%/%;%9$KBP$9$k%Q!<%_%C%7%g%s!">5G'!"8"8B$N<xM?!"%W%j%s%7%Q%k$N%j%9%H$N$I$l$+$K4X78$7$^$9!#%;%-%e%j%F%#@)Ls$rM?$($k$H$$$&$3$H$O!"0l$D0J>e$N%Q!<%_%C%7%g%s$HAH$_9g$;$?!"0l$D0J>e$N%;%-%e%j%F%#%W%j%s%7%Q%k$N%j%9%H$N4XO"IU$1$r9T$&$H$$$&$3$H$G$9!#@)Ls$rM?$($k$H!"4XO"$E$1$i$l$?%Q!<%_%C%7%g%s$N%j%9%H$NDL$j$K$J$k$h$&%Z!<%8$^$?$O%U%)%k%@$X$N%"%/%;%9$,5v2D$5$l$^$9!#(B +</p> +</subsection> +<subsection name='[Denies] $BH]G'(B'> +<div class="original"> +<p> +A deny security constraint is declared +with one or more security principals; with no associated permissions. Deny constraints prohibit access +to the page or folder for the given list of principals. 
Note that deny constraints +must be listed before grant constraints. +</p> +</div> +<p> +$BH]G'$N%;%-%e%j%F%#@)Ls$O!"0l$D0J>e$N%;%-%e%j%F%#%W%j%s%7%Q%k$H6&$K @ k8@$5$l$^$9!#@)Ls$NH]G'$O!"M?$($i$l$?%W%j%s%7%Q%k$N%j%9%H$NDL$j$K$J$k$h$&!"%Z!<%8$d%U%)%k%@$KBP$9$k%"%/%;%9$r6X;_$7$^$9!#@)Ls$NH]G'$O!"@)Ls$N>5G'$NA0$K%j%9%H%"%C%W$5$l$kI,MW$,$"$k$3$H$KCm0U$7$F$/$@$5$$!#(B +</p> +</subsection> +<subsection name='[Declarative and Referential Constraints] $B @ k8@7?$H;2>H7?$N@)Ls(B'> +<div class="original"> +<p> +When working with pages and folder resource constraints, a constraint can be either +a <b><i>declarative constraint</i></b> or a <b><i>referential</i></b> constraint. +Declarative constraints are declared and put to use right in place for the particular +page or folder resource. Where as referential constraints refer to a constraint declared +in a centralized security constraint resource: the <b><i>page.security</i></b> file. Each +site or subsite can have one <b><i>page.security</i></b> resource for declaring constraints +to be referenced in any page or folder. +</p> +</div> +<p> +$B%Z!<%8$H%U%)%k%@$N%j%=!<%9@)Ls$,E,MQ$5$l$k$H$-!"@)Ls$O(B <b><i>$B @ k8@7?(B</i></b> $B$^$?$O(B <b><i>$B;2>H7?(B</i></b> $B$N@)Ls$N$I$A$i$+$G$"$k2DG=@-$,$"$j$^$9!#@k8 @ 7?$N@)Ls$O!"FCDj$N%Z!<%8$^$?$O%U%)%k%@$N%j%=!<%9$,!"E, @ Z$K;H$o$l$k$?$a$K @ k8@$5$l$^$9!#;2>H7?$N@)Ls$O!"Cf1{=88"E*$J%;%-%e%j%F%#@)Ls%j%=!<%9$G$"$k(B <b><i>page.security</i></b> $B%U%!%$%kFb$G @ k8@$5$l$?@)Ls$r;2>H$7$^$9!#%5%$%HKh$+%5%V%5%$%HKh$K!"G$0U$N%Z!<%8$d%U%)%k%@Fb$G;2>H$5$l$k@)Ls$r @ k8@$9$k$?$a$K!"(B<b><i>page.security</i></b> $B$,0l$D$"$j$^$9!#(B +</p> +</subsection> +</section> +<section name='[The Security Constraint] $B%;%-%e%j%F%#@)Ls(B'> +<div class="original"> +<p> +A security constraint is an XML element found in a PSML file, a folder metadata file, or inthe global security declarations. +A security constraint has one attribute: the name. 
A security constraint has the following elements: +</p> +</div> +<p> +$B%;%-%e%j%F%#@)Ls$O!"(BPSML $B%U%!%$%kFb!"$b$7$/$O%U%)%k%@$N%a%?%G!<%?%U%!%$%kFb!"$b$7$/$O%0%m!<%P%k$J%;%-%e%j%F%#$N @ k8@Cf$K$"$k(B XML $BMWAG$G$9!#%;%-%e%j%F%#@)8B$K$O(B name $B$H$$$&B0 @ -$,0l$DB8:_$7$^$9!#%;%-%e%j%F%#@)Ls$O!"0J2<$NMWAG$r;}$A$^$9!#(B +</p> +<div class="original"> +<ul> + <li>roles - a comma-separated list of one or more role principals or * for all roles</li> + <li>groups - a comma-separated list of one or more group principals or * for all groups</li> + <li>users - a comma-separated list of one or more user principals or * for all users</li> + <li>owner - a single user principal</li> + <li>permissions - a comma-separated list of one or permissions (view,edit,help)</li> +</ul> +</div> +<ul> + <li>roles - $B%+%s%^$G6h @ Z$i$l$?0l$D0J>e$N%m!<%k%W%j%s%7%Q%k$N%j%9%H!"$b$7$/$OA4$F$N%m!<%k$rI=$9(B *</li> + <li>groups - $B%+%s%^$G6h @ Z$i$l$?0l$D0J>e$N%0%k!<%W%W%j%s%7%Q%k$N%j%9%H!"$b$7$/$OA4$F$N%0%k!<%W$rI=$9(B *</li> + <li>users - $B%+%s%^$G6h @ Z$i$l$?0l$D0J>e$N%f!<%6%W%j%s%7%Q%k!"$b$7$/$OA4$F$N%f!<%6$rI=$9(B *</li> + <li>owner - $BC10l$N%f!<%6%W%j%s%7%Q%k(B</li> + <li>permissions - $B%+%s%^$G6h @ Z$i$l$?0l$D0J>e$N%Q!<%_%C%7%g%s(B (view, edit, help) $B$N%j%9%H(B</li> +</ul> +<div class="original"> +<p> +The first four elements (roles, groups, users, owner) all define the principals who will either have a permission granted or denied. +</p> +</div> +<p> +$B:G=i$N(B 4 $B$D$NMWAG(B (roles, groups, users, owner) $B$OA4$F!">5G'$5$l$k$b$7$/$O5qH]$5$l$k%Q!<%_%C%7%g%s$r;}$D%W%j%s%7%Q%k$rDj5A$7$^$9!#(B +</p> +<subsection name='[Permissions] $B%Q!<%_%C%7%g%s(B'> +<div class="original"> +<p> +Permissions are the portal modes that are granted by the security constraint. Note that permissions are only granted, not denied. +The <b><i>view</i></b> permission is similiar to the <b><i>read</i></b> permission found in operating systems. 
+The <b><i>edit</i></b> permission is similiar to the <b><i>write</i></b> permission found in operating systems. +The <b><i>help</i></b> permission is similiar to the <b><i>info</i></b> permission found in some portals. +</p> +</div> +<p> +$B%Q!<%_%C%7%g%s$O!"%;%-%e%j%F%#@)8B$K$h$C$F5v2D$,M?$($i$l$k%]!<%?%k$N%b!<%I$G$9!#%Q!<%_%C%7%g%s$O5v2D$r9T$&$@$1$G!"H]G'$O$7$^$;$s!#(B +<b><i>view</i></b> $B%Q!<%_%C%7%g%s$O!"%*%Z%l!<%F%#%s%0%7%9%F%`$K$*$1$k(B <b><i>read</i></b> $B%Q!<%_%C%7%g%s$HF1MM$N$b$N$G$9!#(B +<b><i>edit</i></b> $B%Q!<%_%C%7%g%s$O!"%*%Z%l!<%F%#%s%0%7%9%F%`$K$*$1$k(B <b><i>write</i></b> $B%Q!<%_%C%7%g%s$HF1MM$N$b$N$G$9!#(B +<b><i>help</i></b> $B%Q!<%_%C%7%g%s$O!"B>$N%]!<%?%k$G(B <b><i>info</i></b> $B%Q!<%_%C%7%g%s$H$J$C$F$$$k$3$H$,$"$k$b$N$HF1MM$N$b$N$G$9!#(B +</p> +</subsection> + +<subsection name='[Roles] $B%m!<%k(B'> +<div class="original"> +<p> +Constraints can be granted to one or more role principals for a set of permissions on a given resource. +Roles are derived from the authorized users list of role principals, i.e. the roles that the user is a member of. +If the authorized user is a member of any of the listed roles, the permission to the resource will be granted. 
+</p> +</div> +<p> +$B@)Ls$O!"M?$($i$l$?%j%=!<%9$X$N%Q!<%_%C%7%g%s$N%;%C%H$r!"0l$D0J>e$N%m!<%k%W%j%s%7%Q%k$KM?$($k$3$H$,=PMh$^$9!#%m!<%k$O!">5G'$5$l$?%m!<%k%W%j%s%7%Q%k(B ($B$D$^$j$=$N%f!<%6$,%a%s%P!<$G$"$k$H$$$&$3$H(B) $B$N%f!<%6%j%9%H$+$iF@$i$l$^$9!#$b$7>5G'$5$l$?%f!<%6$,!"%j%9%H$5$l$?%m!<%k$N$I$l$+$N%a%s%P!<$G$"$k$N$J$i!"%j%=!<%9$KBP$9$k%Q!<%_%C%7%g%s$,M?$($i$l$^$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraint> + <roles>adminstrator, manager</roles> + <permissions>view, edit</permissions> + </security-constraint> +]]></source> +</div> +<source><![CDATA[ + <security-constraint> + <roles>adminstrator, manager</roles> + <permissions>view, edit</permissions> + </security-constraint> +]]></source> +<div class="original"> +<p> +Constraints can also deny role principals access to the entire resource. +If the authorized user is a member of any of the listed roles, all access to the resource is denied. +</p> +</div> +<p> +$B@)Ls$O!"%m!<%k%W%j%s%7%Q%k$N%j%=!<%9A4BN$KBP$9$k%"%/%;%9$r5qH]$9$k$3$H$b2DG=$G$9!#$b$7>5G'$5$l$?%f!<%6$,!"%j%9%H$5$l$?%m!<%k$N$I$l$+$N%a%s%P!<$G$"$k$N$J$i!"%j%=!<%9$KBP$9$kA4$F$N%"%/%;%9$,5qH]$5$l$^$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraint> + <roles>adminstrator, manager</roles> + </security-constraint> +]]></source> +</div> +<source><![CDATA[ + <security-constraint> + <roles>adminstrator, manager</roles> + </security-constraint> +]]></source> +</subsection> +<subsection name='[Groups] $B%0%k!<%W(B'> + <div class="original"> + <p> +Constraints can be granted to one or more group principals for a set of permissions on a given resource. +Groups are derived from the authorized users list of group principals, i.e. the groups that the user is a member of. +If the authorized user is a member of any of the listed groups, the permission to the resource will be granted. 
+<source><![CDATA[ + <security-constraint> + <groups>accounting, development</groups> + <permissions>view</permissions> + </security-constraint> +]]></source> +Constraints can also deny group principals access to the entire resource. +If the authorized user is a member of any of the listed groups, all access to the resource is denied. +<source><![CDATA[ + <security-constraint> + <groups>accounting, development</groups> + </security-constraint> +]]></source> +</p> + </div> + <p> +$B@)Ls$O!"M?$($i$l$?%j%=!<%9$X$N%Q!<%_%C%7%g%s$N%;%C%H$r!"0l$D0J>e$N%0%k!<%W%W%j%s%7%Q%k$KM?$($k$3$H$,=PMh$^$9!#(B +$B%0%k!<%W$O!">5G'$5$l$?%0%k!<%W%W%j%s%7%Q%k(B ($B$D$^$j%f!<%6$,%a%s%P!<$G$"$k%0%k!<%W(B) $B$N%f!<%6$N%j%9%H$+$iF@$i$l$^$9!#(B +$B$b$7>5G'$5$l$?%f!<%6$,!"%j%9%H$5$l$?%0%k!<%W$N$I$l$+$N%a%s%P!<$G$"$k$N$J$i!"%j%=!<%9$KBP$9$k%Q!<%_%C%7%g%s$,M?$($i$l$^$9!#(B +<source><![CDATA[ + <security-constraint> + <groups>accounting, development</groups> + <permissions>view</permissions> + </security-constraint> +]]></source> +$B@)Ls$O!"%0%k!<%W%W%j%s%7%Q%k$N%j%=!<%9A4BN$KBP$9$k%"%/%;%9$r5qH]$9$k$3$H$b=PMh$^$9!#$b$7>5G'$5$l$?%f!<%6$,!"%j%9%H$5$l$?%0%k!<%W$N$$$:$l$+$N%a%s%P!<$G$"$k$N$J$i!"%j%=!<%9$KBP$9$kA4$F$N%"%/%;%9$,5qH]$5$l$^$9!#(B +<source><![CDATA[ + <security-constraint> + <groups>accounting, development</groups> + </security-constraint> +]]></source> + </p> +</subsection> +<subsection name='[Users] $B%f!<%6(B'> + <div class="original"> + <p> +Constraints can be granted to one or more user principals for a set of permissions on a given resource: +The current user must be one of the listed principals in the comma-separated list in order to grant permission to the resource. +<source><![CDATA[ + <security-constraint> + <users>joey, deedee, johnny</users> + <permissions>view, edit, help</permissions> + </security-constraint> +]]></source> +Constraints can also deny user principals access to the entire resource. +If the authorized user is in the list, all access to the resource is denied. 
+<source><![CDATA[ + <security-constraint> + <users>fred</users> + </security-constraint> +]]></source> +</p> + </div> + <p> +$B@)Ls$O!"M?$($i$l$?%j%=!<%9$X$N%Q!<%_%C%7%g%s$N%;%C%H$r!"0l$D0J>e$N%f!<%6%W%j%s%7%Q%k$KM?$($k;v$,=PMh$^$9!#8=:_$N%f!<%6$O!"%j%=!<%9$KBP$9$k%Q!<%_%C%7%g%s$rM?$($k$?$a$K%+%s%^$G6h @ Z$i$l$?%j%9%HCf$K%j%9%H$5$l$k!"%W%j%s%7%Q%k$N0l$D$G$J$1$l$P$J$j$^$;$s!#(B +<source><![CDATA[ + <security-constraint> + <users>joey, deedee, johnny</users> + <permissions>view, edit, help</permissions> + </security-constraint> +]]></source> +$B@)Ls$O!"%f!<%6%W%j%s%7%Q%k$NA4$F$N%j%=!<%9$KBP$9$k%"%/%;%9$r5qH]$9$k$3$H$b2DG=$G$9!#$b$7>5G'$5$l$?%f!<%6$,%j%9%HFb$K$"$l$P!"A4$F$N%"%/%;%9$O5qH]$5$l$^$9!#(B +<source><![CDATA[ + <security-constraint> + <users>fred</users> + </security-constraint> +]]></source> + </p> +</subsection> +<subsection name='[Combinations] $Bg5(Bã$B?e(Bã'> +<div class="original"> +<p> +Note that you can grant or deny permissions to a collection of one or more principal types. For example, here we grant view and edit permissions +to the roles (manager, developer), and to the groups (QA and Research), and to the particular user (dilbert): +If the authorized user is a member of any of the listed roles, groups, or users, the permission to the resource will be granted. 
+</p> +</div> +<p> +$B0l$D0J>e$N<oN`$N%W%j%s%7%Q%k$N=89g$KBP$7$F%Q!<%_%C%7%g%s$rM?$($?$j!"5qH]$7$?$j=PMh$k$3$H$KCm0U$7$F$/$@$5$$!#Nc$($P!"$3$3$G$O%m!<%k(B (manager, developer) $B$H%0%k!<%W(B (QA $B$H(B Research) $B$HFCDj$N%f!<%6(B (dilbert) $B$KBP$7$F!"(Bview $B$H(B edit $B$N%Q!<%_%C%7%g%s$rM?$($F$$$^$9!#$b$7>5G'$5$l$?%f!<%6$,!"$3$3$K%j%9%H$5$l$?%m!<%k!"%f!<%6!"%0%k!<%W$N$I$l$+$N%a%s%P!<$G$"$k$N$J$i!"$3$N%j%=!<%9$KBP$9$k%Q!<%_%C%7%g%s$,M?$($i$l$^$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraint> + <roles>hacker, coder, guru</roles> + <groups>unix, linux, freebsd</groups> + <users>betty, fred, barney, wilma</users> + <permissions>view, edit</permissions> + </security-constraint> +]]></source> +</div> +<source><![CDATA[ + <security-constraint> + <roles>hacker, coder, guru</roles> + <groups>unix, linux, freebsd</groups> + <users>betty, fred, barney, wilma</users> + <permissions>view, edit</permissions> + </security-constraint> +]]></source> +<div class="original"> +<p> +Constraints can also deny combinations of principals access to the entire resource. +If the authorized user is a member of any of the listed groups, roles or users, all access to the resource is denied. 
+</p> +</div> +<p> +$B@)Ls$O!"%W%j%s%7%Q%k$NAH$_9g$;$,!"A4$F$N%j%=!<%9$KBP$9$k%"%/%;%9$r5qH]$9$k$3$H$b2DG=$G$9!#$b$7>5G'$5$l$?%f!<%6$,!"%j%9%H$5$l$?%0%k!<%W$d%m!<%k$d%f!<%6$N%a%s%P!<$G$"$l$P!"%j%=!<%9$KBP$9$kA4$F$N%"%/%;%9$O5qH]$5$l$^$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraint> + <roles>hacker, coder, guru</roles> + <groups>unix, linux, freebsd</groups> + <users>betty, fred, barney, wilma</users> + </security-constraint> +]]></source> +</div> +<source><![CDATA[ + <security-constraint> + <roles>hacker, coder, guru</roles> + <groups>unix, linux, freebsd</groups> + <users>betty, fred, barney, wilma</users> + </security-constraint> +]]></source> +</subsection> +<subsection name='[All *] All *'> +<div class="original"> +<p> +The * can be applied to roles, groups, users or permissions to imply ALL. +<source><![CDATA[ + <security-constraint> + <users>*</users> + <permissions>*</permissions> + </security-constraint> +]]></source> +</p> +</div> +<p> +$BA4$F$r0UL#$9$k(B * ($B%"%9%?%j%9%/(B) $B$O!"%m!<%k!"%0%k!<%W!"%f!<%6!"%Q!<%_%C%7%g%s$NA4$F$KE,MQ2DG=$G$9!#(B +<source><![CDATA[ + <security-constraint> + <users>*</users> + <permissions>*</permissions> + </security-constraint> +]]></source> +</p> +</subsection> +<subsection name='[Owner] $B%*!<%J!<(B'> + <div class="original"> + <p> + TODO + </p> + </div> + <p> + TODO + </p> +</subsection> +</section> +<section name='[Declarative and Global Constraints] $B @ k8@7?$N@)Ls$H%0%m!<%P%k$N@)Ls(B'> +<div class="original"> +<p> +Declarative constraints are declared in the <b><i>page.security</i></b> file of the root of a site. +Declarative constraints are referenced in pages and folders with the <b><i>security-constraints-ref</i></b> tag. +Global constraints are also declarative constraints. They are also defined and found in the <b><i>page.security</i></b> file in the root PSML repository. 
+The difference with global constraints is that they implicitly apply to all folders and pages within the scope of the page.security file, (i.e. the site). +Note that there can be only one <b><i>page.security</i></b> file in a Jetspeed installation. +</p> +</div> +<p> +$B @ k8@7?$N@)Ls$O!"%5%$%H$N%k!<%H$K$"$k(B <b><i>page.security</i></b> $B%U%!%$%kFb$G @ k8@$5$l$^$9!#@k8 @ 7?$N@)Ls$O!"(B<b><i>security-constraints-ref</i></b> $B%?%0$r;H$C$F!"%Z!<%8$d%U%)%k%@Fb$G;2>H$5$l$^$9!#%0%m!<%P%k$J@)Ls$b @ k8@7?$N@)Ls$G$9!#$3$l$i$O!"%k!<%H(B PSML $B%j%]%8%H%jFb$N(B <b><i>page.security</i></b> $B%U%!%$%kFb$G @ k8@$5$l!"8+IU$+$j$^$9!#%0%m!<%P%k$J@)Ls$N0c$$$O!"(Bpage.security $B%U%!%$%k$N%9%3!<%WFb(B ($B$9$J$o$A%5%$%H(B) $B$NA4$F$N%U%)%k%@$H%Z!<%8$K!"0EL[$N$&$A$KE,MQ$5$l$k$3$H$G$9!#(BJetspeed $B$r%$%s%9%H!<%k$9$k$H!"0l$D$7$+(B <b><i>page.security</i></b> $B%U%!%$%k$OB8:_=PMh$J$$$3$H$KCm0U$7$F$/$@$5$$!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraints-def name="admin"> + <security-constraint> + <roles>admin</roles> + <permissions>view, edit</permissions> + </security-constraint> + </security-constraints-def> + <global-security-constraints-ref>admin</global-security-constraints-ref> +]]></source> +</div> +<source><![CDATA[ + <security-constraints-def name="admin"> + <security-constraint> + <roles>admin</roles> + <permissions>view, edit</permissions> + </security-constraint> + </security-constraints-def> + <global-security-constraints-ref>admin</global-security-constraints-ref> +]]></source> +<subsection name='[Default Constraints] $B%G%U%)%k%H$N@)Ls(B'> +<div class="original"> +<p> + Several security constraint declarations are made in the default deployment of Jetspeed: +<table> + <tr> + <th>name</th> + <th>grants</th> + <th>permissions</th> + <th>global</th> + </tr> + <tr> + <td>admin</td> + <td>roles: admin</td> + <td>view, edit</td> + <td>yes</td> + </tr> + <tr> + <td>manager</td> + <td>roles: manager</td> + <td>view</td> + <td>no</td> + </tr> + <tr> 
+ <td>users</td> + <td>roles: user, manager</td> + <td>view</td> + <td>no</td> + </tr> + <tr> + <td>public-view</td> + <td>users: *</td> + <td>view</td> + <td>no</td> + </tr> + <tr> + <td>public-edit</td> + <td>users: *</td> + <td>view, edit</td> + <td>no</td> + </tr> +</table> +</p> +</div> +<p> +$B%;%-%e%j%F%#@)Ls$N @ k8@$K$O!"(BJetspeed $B$N%G%U%)%k%H$NG[Hw$G:n @ .$5$l$k$b$N$,$"$j$^$9!#(B +<table> + <tr> + <th>$B@)LsL>(B</th> + <th>$BM?$($i$l$kBP>](B</th> + <th>$B%Q!<%_%C%7%g%s(B</th> + <th>$B%0%m!<%P%k$+$I$&$+(B</th> + </tr> + <tr> + <td>admin</td> + <td>roles: admin</td> + <td>view, edit</td> + <td>yes</td> + </tr> + <tr> + <td>manager</td> + <td>roles: manager</td> + <td>view</td> + <td>no</td> + </tr> + <tr> + <td>users</td> + <td>roles: user, manager</td> + <td>view</td> + <td>no</td> + </tr> + <tr> + <td>public-view</td> + <td>users: *</td> + <td>view</td> + <td>no</td> + </tr> + <tr> + <td>public-edit</td> + <td>users: *</td> + <td>view, edit</td> + <td>no</td> + </tr> +</table> +</p> +</subsection> +</section> +<section name='[Folder Constraints] $B%U%)%k%@$N@)Ls(B'> +<div class="original"> +<p> +Folder Security constraints are placed in a <b><il>security-constraints list</il></b> in the <b><i>folder.metadata</i></b> file optionally found in each folder in the site. +Note that the absence of a <b><i>folder.metadata</i></b> or security constraints within that file means that the folder will +inherit the constraints of the parent folder, all the way up to the root folder of the site or subsite. Folder constraints do +not inherit across subsites. Folder security constraints are made up of declarative security constraints and referential security +constraints. 
Here is an example of both, the first being a referential constraint, the second a declarative constraint: +<source><![CDATA[ + <security-constraints> + <security-constraints-ref>public-view</security-constraints-ref> + <security-constraint> + <groups>engineering</groups> + <permissions>view</permissions> + </security-constraint> + </security-constraints> +]]></source> +</p> +</div> +<p> +$B%U%)%k%@$N%;%-%e%j%F%#@)Ls$O!"%5%$%HFb$N3F%U%)%k%@$K%*%W%7%g%J%k$GB8:_$9$k(B <b><i>folder.metadata</i></b> $B%U%!%$%kFb$N(B <b><i>security-constraints $B%j%9%H(B</i></b> $BFb$K5-=R$5$l$^$9!#(B<b><i>folder.metadata</i></b> $B%U%!%$%k$,$J$$>l9g!"$b$7$/$O$=$N%U%!%$%kFb$K%;%-%e%j%F%#@)Ls$N5-=R$,$J$$>l9g$O!"%U%)%k%@$O!"%5%$%H$+%5%V%5%$%H$N%k!<%H%U%)%k%@$^$G%G%#%l%/%H%j$r$?$I$C$F!"?F%U%)%k%@$N@)Ls$r7Q>5$9$k$3$H$KCm0U$7$F$/$@$5$$!#0J2<$KFs$D$NNc$r<($7$^$9!#0l$DL\$O@)Ls$N;2>H$G$"$j!"Fs$DL\$O @ k8@7?$N@)Ls$G$9!#(B +<source><![CDATA[ + <security-constraints> + <security-constraints-ref>public-view</security-constraints-ref> + <security-constraint> + <groups>engineering</groups> + <permissions>view</permissions> + </security-constraint> + </security-constraints> +]]></source> +</p> +<div class="original"> +<p> +Note that all security constraints must be placed within a <b><i>security-constraints</i></b> collection. +</p> +</div> +<p> +$BA4$F$N%;%-%e%j%F%#@)Ls$O!"(B<b><i>security-constraints</i></b> $BFb$K5-=R$7$J$1$l$P$J$j$^$;$s!#(B +</p> +</section> +<section name='[Page Constraints] $B%Z!<%8$N@)Ls(B'> +<div class="original"> +<p> +Page Security constraints are placed <b><il>security-constraints list</il></b> +in <b><i>PSML</i></b> files and are optional. +Note that the absence of a security constraints list within that file means that the folder will +inherit the constraints of the folder in which it resides. Page security constraints are made up of +declarative security constraints and referential security +constraints. 
Here is an example of both, the first being a referential constraint, the second a declarative constraint: +</p> +</div> +<p> +$B%Z!<%8$N%;%-%e%j%F%#@)Ls$O!"(B<b><i>PSML</i></b> $B%U%!%$%kFb$N(B <b><i>security-constraints list</i></b> $B$K5-=R$5$l$^$9!#$3$l$O%*%W%7%g%J%k$G$9!#$3$N%U%!%$%k$K%;%-%e%j%F%#@)Ls$N5-=R$,$J$$>l9g$O!"%U%)%k%@$O!"<+?H$,B8:_$9$k%U%)%k%@$N@)Ls$r7Q>5$9$k$3$H$KCm0U$7$F$/$@$5$$!#%Z!<%8$N%;%-%e%j%F%#@)Ls$O!"@k8 @ 7?$N%;%-%e%j%F%#@)Ls$H;2>H7?$N%;%-%e%j%F%#@)Ls$+$i:n @ .$5$l$^$9!#0J2<$K!"Fs$D$NNc$r<($7$^$9!#0l$DL\$O;2>H7?$N@)Ls!"Fs$DL\$O @ k8@7?$N@)Ls$G$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <security-constraints> + <security-constraints-ref>global-view</security-constraints-ref> + <security-constraint> + <groups>accounting</groups> + <permissions>view, edit</permissions> + </security-constraint> + </security-constraints> +]]></source> +</div> +<source><![CDATA[ + <security-constraints> + <security-constraints-ref>global-view</security-constraints-ref> + <security-constraint> + <groups>accounting</groups> + <permissions>view, edit</permissions> + </security-constraint> + </security-constraints> +]]></source> +<div class="original"> +<p> +Note that all security constraints must be placed within a <b><i>security-constraints</i></b> collection. +</p> +</div> +<p> +$BA4$F$N%;%-%e%j%F%#@)Ls$O!"(B<b><i>security-constraints</i></b> $BFb$K5-=R$7$J$1$l$P$J$j$^$;$s!#(B +</p> +</section> +<section name='[Fragment Constraints] $B%U%i%0%a%s%H$N@)Ls(B'> +<div class="original"> +<p> +As with Page Security constraints, Fragment Security constraints are placed within +<b><il>security-constraints list</il></b> in <b><i>PSML</i></b> page files and are +again optional. As expected, the absence of a security constraints list implies the +fragment will inherit the constraints of the page of which it is a part. Note that +only the view permission is checked against these constraints. Other permissions +are tested only against the containing page. 
+</p> +</div> +<p> +$B%Z!<%8$N%;%-%e%j%F%#@)Ls$HF1MM$K!"%U%i%0%a%s%H$N%;%-%e%j%F%#@)Ls$O!"(B<b><i>PSML</i></b> $B%U%!%$%kFb$N(B <b><i>security-constraints list</i></b> $B$K5-=R$5$l$^$9!#$3$N5-=R$O%*%W%7%g%J%k$G$9!#M=A[DL$j!"%;%-%e%j%F%#$N@)Ls$N%j%9%H$,$J$$>l9g$O!"%U%i%0%a%s%H$O!"<+?H$,B0$9$k%Z!<%8$N@)Ls$r7Q>5$7$^$9!#(Bview $B%Q!<%_%C%7%g%s$@$1$,%U%i%0%a%s%H$N@)Ls$KBP$7$F%A%'%C%/$5$l$k$3$H$KCm0U$7$F$/$@$5$$!#B>$N%Q!<%_%C%7%g%s$O4^$^$l$k%Z!<%8$KBP$7$F$N$_%F%9%H$5$l$^$9!#(B +</p> +</section> +<section name="[Spring Configuration] Spring $B$N @ _Dj(B"> +<div class="original"> +<p> +Declarative Security Constraints are enabled by default in the Spring configuration of the +Page Manager component. Here is the default Page Manager bean configuration from the +<b><i>page-manager.xml</i></b> spring assembly configuration file: +</p> +</div> +<p> +$B @ k8@7?$N%;%-%e%j%F%#@)Ls$O!"%G%U%)%k%H$G%Z!<%8%^%M!<%8%c%3%s%]!<%M%s%H$N(B Spring $B$N @ _Dj$GM-8z$K$J$j$^$9!#0J2<$K!"(B<b><i>page-manager.xml</i></b> $B$H$$$&(B Spring $B$NItIJ @ _Dj%U%!%$%k$N%G%U%)%k%H$N%Z!<%8%^%M!<%8%c(B bean $B$N @ _Dj$r<($7$^$9!#(B +</p> +<div class="original"> +<source><![CDATA[ + <bean id="org.apache.jetspeed.page.PageManager" + name="pageManager" + class="org.apache.jetspeed.page.psml.CastorXmlPageManager"> + <constructor-arg index="0"><ref bean="IdGenerator"/></constructor-arg> + <constructor-arg index="1"><ref bean="DocumentHandlerFactory"/></constructor-arg> + <constructor-arg index="2"><ref bean="FolderHandler"/></constructor-arg> + <constructor-arg index="3"><ref bean="PageFileCache"/></constructor-arg> + <!-- permissions security enabled flag, default=false --> + <constructor-arg index="4"><value>false</value></constructor-arg> + <!-- constraints security enabled flag, default=true --> + <constructor-arg index="5"><value>true</value></constructor-arg> + </bean> +]]></source> +</div> +<source><![CDATA[ + <bean id="org.apache.jetspeed.page.PageManager" + name="pageManager" + 
class="org.apache.jetspeed.page.psml.CastorXmlPageManager"> + <constructor-arg index="0"><ref bean="IdGenerator"/></constructor-arg> + <constructor-arg index="1"><ref bean="DocumentHandlerFactory"/></constructor-arg> + <constructor-arg index="2"><ref bean="FolderHandler"/></constructor-arg> + <constructor-arg index="3"><ref bean="PageFileCache"/></constructor-arg> + <!-- permissions security enabled flag, default=false --> + <constructor-arg index="4"><value>false</value></constructor-arg> + <!-- $B@)Ls%;%-%e%j%F%#%b%G%k$NM-8z%U%i%0!"%G%U%)%k%H(B true --> + <constructor-arg index="5"><value>true</value></constructor-arg> + </bean> +]]></source> +<div class="original"> +<p> +Here the 6th, (index="5"), boolean constructor argument specifies whether or +not the "constraints security" model is enabled. If the Declarative Security Constraints +are not enabled, all inline, referenced, and global security constraints will be ignored. +</p> +</div> +<p> +$B$3$NNc$N(B 6 $BHVL\(B (index="5") $B$N??56CM$N%3%s%9%H%i%/%?0z?t$,!"(B"$B@)Ls%;%-%e%j%F%#(B" $B%b%G%k$rM-8z$K$9$k$+$I$&$+$N;XDj$r9T$&$b$N$G$9!#$b$7!"@k8 @ 7?$N%;%-%e%j%F%#@)Ls$,M-8z$G$J$$$N$J$i!"A4$F$N%$%s%i%$%s!";2>H7?!"%0%m!<%P%k$N%;%-%e%j%F%#@)Ls$OL5;k$5$l$^$9!#(B +</p> +</section> + +</body> +</document>
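Review bot: In the Folder Constraints and Page Constraints sections, the added `<div class="original">` text wraps "security-constraints list" in `<b><il>…</il></b>`, which is not a valid element, while the translated paragraphs beside it use `<b><i>…</i></b>`; change `<il>` to `<i>` so both copies render the same. In Page Constraints, the original sentence says "the folder will inherit the constraints of the folder in which it resides" and the translation follows it, but the subject in that section is the page, so both should say the page inherits from its containing folder. The Page Constraints example references `global-view` through `security-constraints-ref`, yet the default constraints table in this same file lists only admin, manager, users, public-view and public-edit; either use one of the listed names or state where `global-view` is defined, since a reader copying the example cannot tell what a reference to an undeclared constraint will grant. In the translated `page-manager.xml` block the comment for index="5" is translated but the comment for index="4" ("permissions security enabled flag, default=false") is left in English; translate both. The Folder Constraints translation also appears to skip the sentences "Folder constraints do not inherit across subsites" and "Folder security constraints are made up of declarative security constraints and referential security constraints"; the first describes an inheritance boundary that matters for access control and should be carried over.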