cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <>
Subject Re: cvs commit: xml-cocoon2 changes.xml
Date Thu, 19 Dec 2002 00:33:27 GMT
Antonio Gallardo wrote:

>Hi Vadim:
>Vadim Gritsenko dijo:
>>In the mean time (before integration of xscript and session-fw), the
>>best way is to create separate session-fw logicsheet. The reason is that
>> session logicsheet is completely different thing and is not related to
>>the session-fw.
>It's OK. But what we can do now? Let me explain:
>I wrote the <xsp-session-getxml> tag because I needed a way to separate
>permisions for every page that a user request. Then I created some
>"groups" of people. Inside every page I check for this permission to
>decide if the user has the right or not to see the page. Currently I am
>managing 8 groups of permissions.
>The user permissions are loaded when you sucessfully login into the
>system. Then the groups of each user lives inside the session of the user.
>I made it in this form because I wanted to not request the database of
>users every time I need to check a user's permission.
>As you can see the tag was done more to interface the authentication-fw
>than the session-fw.
>Also it seems to be quite stable. My application currently has 45 users in
>a LAN. Every day the tag checks hundreds of authentication permissions of
>the users and everything works fine.
>I agree with you that there must be a better interface to all this stuff,
>but currently there is the only way to do that with XSP.
>I thinked that I can do the same functionality using an action.

In your situation, I would prefer to do permission check in the sitemap 
by invoking some action instead of putting it into the page. This will 
allow me to have clean pages without permissions, and whole permission 
checking logic in one place - action, and managed from another place - 
sitemap. To me this is better separation, then mixing everything 
(content, and auth configuration) in the page.

But in any case it is valuable to have session-fw and/or 
authentication-fw logicsheets to be used from XSP.


>I will be glad if you (gurus) can comment about this. :-D
>Antonio Gallardo.

To unsubscribe, e-mail:
For additional commands, email:

View raw message