cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guido Casper" <gcas...@s-und-n.de>
Subject Re: Authentication framework - A new Action for multiple roles.
Date Tue, 20 May 2003 05:51:20 GMT
Antonio Gallardo wrote:
<snip/>
> OK. I finally understand the point and I totally agree. Lets sumarize
> this: 
> 
> 1-We will load the roles to the authentication session context at the
> authentication time. Example: The authentication context will look
> like: 
> 
> <ID>userid</ID>
> <data>
>   <roles>
>     <role>admin</role>
>     <role>operator</role>
>     <role>auditor</role>
>     ....
>   </roles>
> </data>
> 
> This is allowed by the current authentication model. We are not
> breaking any rule with this model. ;)
> 
> 2-When we call the action it will have 3 parameters:
> 
> a) auth_handler - The authentication handler
> b) keyword - A keyword that define the resource group we need to
> control. c) check_roles - a resource for internal call. It will
> returns a list of roles allowed to process a given keyword.
> 
> ******************************
> Can we ask to include the a "check_roles" property into the
> authentication-fw configuration? Of course as a optional property.
> Or it can be better to define it at <map:component-configurations>
> ******************************
> 
> The action will try to match the two roles list (roles of the users
> and roles allowed to process the resources).
> If it found a match then it returns: authentication:true.
> Else it fails.
> 
> HOW THE ACTION WORKS:
> 
> A-The will check if the user is loggedIn using the Authentication
> Manager. B-Action will call:
> 
> cocoon://check_roles?key=keyword

First I thought more of something like
cocoon://check_permission?key=keyword&role=admin
but I'm not sure.
Now I think, I like your's more :-)

Regards
Guido

> 
> This resource must returns something like:
> 
> <permissions>
>   <role>admin</role>
>   <role>other role</role>
> <permissions>
> 
> C-Validate the lists.

Guido Casper
-------------------------------------------------
S&N AG, Open Source Competence Center
                    Tel.: +49-5251-1581-87
Klingenderstr. 5    mailto:gcasper@s-und-n.de
D-33100 Paderborn   http://www.s-und-n.de
-------------------------------------------------

Mime
View raw message