cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nicola Ken Barozzi" <nicola...@supereva.it>
Subject Re: [C2]Access control using sitemap
Date Fri, 08 Sep 2000 21:02:56 GMT
From: "Giacomo Pati" <Giacomo.Pati@pwr.ch>
> Lassi Immonen wrote:
> > 
> > > > I really would like to use Cocoon2 in our web/content management
> > project.
> > > > Could someone give some advice how to implement user
> > identification/access
> > > > control using sitemap? It has to be somekind of selector and all
> > requests
> > > > has to go through same point?
> > >
> > > IIRC, there was a policy to not handle authorisation and authentication
> > > in the sitemap, and let the web server handle that.
> > 
> > Is there any reason not to use sitemap as basis of creating access control
> > system?
> 
> Not really. Nobody stops you from doing so. But wouldn't you think that
> especially authentication is better done at the servlet container side?
> It offers may ways to do so, from basic and form based authentication to
> strong client side authentication using certificates.

I had a discussion with lrich on the user list on this one.
He insisted that non-container based auth-auth is better 4 him and wrote
a taglib.
Personally I agree with Giacomo, but a system that uses both is welcome IMHO.

> > It's not going to be only access control, I plan to have ability to produce
> > dynamic content based on userprofile in database.
> 
> IMHO this is another part. Usually its called authorisation. Off course
> this is something that only your application can determine and would
> clearly fit into the sitemap or better into XSP pages.

Yes, it's explained clearlt on the J2EE site.
For the third time ;-) I attatch my simple example of XSP authorization
taglib used with servlet container security.
Believe me, it's very easy! :-)

Anyway we could talk about integrating the approaches for a uniform
system, although I feel it's more to write in the docs than in the codes.
It's very important nevertheless.

nicola_ken

Nicola Ken Barozzi - AISA Industries S.p.A
http://www.aisaindustries.it/
Via Leonardo da Vinci,2 Ticengo (CR) Italy
Research Activity:
Politecnico di Milano - Dipartimento di Meccanica
Piazza Leonardo da Vinci, n.32 - 20133 Milano (Italy)

Mime
View raw message