[Deploying Sakai] Hide Sakai login and password reset

Matthew Jones jonespm at umich.edu
Thu Aug 13 08:55:08 PDT 2009

I'm not entirely sure on the first question. For internal users, a
regular access user can only modify their name, email and password. An
admin user can change a user id. Perhaps you were viewing this as

If you are using a provider then the lookups are different. It's
pulling the details of the User object from the external provider.
(getUser) The provider supplies the email address. To edit, your
provider would have to extend the UserDirectoryService and allow
you to specify which of these details back to the external system.

If you wanted to have certain fields not editable and you're not using
a provider it looks like you'd likely have to change the velocity file
in the source to disable/remove these inputs.
(user/user-tool/tool/src/webapp/vm/user/chef_users_edit.vm) For vm's
you can edit them in the webapp and rezip them into the war to save on
the rebuild, though loading the changes will require an app

It's in webapps/sakai/user-tool/vm/user/chef_users_edit.vm
Edit file and repackage:
jonespm@localhost:/usr/local/tomcat/webapps/sakai-user-tool$ zip ../sakai-user-tool.war vm/user/chef_users_edit.vm
updating: vm/user/chef_users_edit.vm (deflated 77%)

For the second question, you can block with a context in tomcat, or if
you have Apache/IIS in front you can also use some rewriting/location
blocking there.

For tomcat add these to the host block in conf/server.xml
(Reference: http://serverfault.com/questions/28337/how-to-block-access-to-a-file-from-being-served-by-tomcat)
      <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">
      . . .

       <Context path="/portal/xlogin" docBase="" >
         <!-- deny is a regular expression; ".*" matches every client address -->
         <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*" />
       </Context>

       <Context path="/portal/login" docBase="" >
         <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*" />
       </Context>
       . . .


On Thu, Aug 13, 2009 at 9:54 AM, Grossman,John E <john.grossman at mdanderson.org> wrote:
> In Sakai 2.6 we are authenticating users via LDAP and Sakai web services.
> We’d like to do two things:
> 1. Prevent users from changing user ids and creating new passwords on the
>    Account Details page while still allowing them to change their email
>    address.
> 2. Block access to portal/login and portal/xlogin
> Any suggestions on the best/easiest way to accomplish this?
> John Grossman
> The University of Texas M. D. Anderson Cancer Center
> john.grossman at mdanderson.org

More information about the production mailing list
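
An added example, not part of the original message and not Sakai or Tomcat code: a small Python check that a server.xml Host block actually denies every client for /portal/login and /portal/xlogin, catching a missing Valve element or a deny pattern that is not a valid regular expression. It assumes deny is a single regular expression matched against the whole client address and uses Python's re module as a stand-in for Java's regex engine; the XML fragment and probe addresses are constructed.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"
PROTECTED = ("/portal/login", "/portal/xlogin")            # paths from the thread
PROBES = ("127.0.0.1", "10.20.30.40", "0:0:0:0:0:0:0:1")   # constructed client addresses

# Constructed server.xml fragment, not taken from a real deployment.
SAMPLE = """
<Host name="localhost" appBase="webapps">
  <Context path="/portal/xlogin" docBase="">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny=".*" />
  </Context>
  <Context path="/portal/login" docBase="">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="*" />
  </Context>
</Host>
"""

def denies_everyone(valve):
    """True if the valve's deny regex compiles and matches every probe address."""
    pattern = valve.get("deny")
    if not pattern:
        return False
    try:
        rx = re.compile(pattern)
    except re.error:
        return False          # e.g. deny="*" is not a valid regular expression
    return all(rx.fullmatch(addr) for addr in PROBES)

def audit(server_xml, paths=PROTECTED):
    """Map each path to 'blocked', 'no-context', 'no-valve' or 'bad-deny'."""
    host = ET.fromstring(server_xml)
    contexts = {c.get("path"): c for c in host.iter("Context")}
    report = {}
    for path in paths:
        ctx = contexts.get(path)
        if ctx is None:
            report[path] = "no-context"
            continue
        valves = [v for v in ctx.findall("Valve") if v.get("className") == VALVE]
        if not valves:
            report[path] = "no-valve"
        elif any(denies_everyone(v) for v in valves):
            report[path] = "blocked"
        else:
            report[path] = "bad-deny"
    return report

if __name__ == "__main__":
    for path, status in audit(SAMPLE).items():
        print(f"{path}: {status}")
```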