cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Antonio Gallardo" <>
Subject Authentication framework - A new Action for multiple roles.
Date Sat, 17 May 2003 05:03:44 GMT

Since we need to let more than one role to access the same resource. I was
re-reading the docs about the authentication framework.

The new action will allow to check permision on a user basis stored into
the authentication context session.

We build 5 tables into our database:

auth_users       - The users that can use the application.
auth_roles       - Roles of the users.
auth_users-roles - Relation between users and roles.
auth_resources   - List of the protected resources
auth_permissions - Relationship between roles and resources.

As you see from the tables, this allow:

1 user can have ONE OR MORE roles
1 resource can be accessed by ONE OR MORE roles.

It will get:
1- The userid from the authentication session context, and
2- The "requested resource" from the processed "request"

Into the action we will do a simple SQL query that will find the relation
between the userid and the resource.

If there is a resultSet the action will return a map. Else it will return
a NULL map, the action fails.

Here will go into the play some forms that will take serve as database
interface to the tables:


Add user and give them the roles,
Edit user including enable or disable user, edit roles of the users.
Delete user.

Add resources and define the roles that can access this resources.
Edit resources, including enable/disable resources, edit defined roles
that access to the resource.
Delete resource

Add role
Edit role, including enable/disable role.
Delete role.

Well this is another use case for the authentication framework.

What do you think about this approach, is this correct?
Is posible to create another scenario without creating another action?

I also posted these intro here because maybe we can found an approach to
authenticate using LDAP or a Java class.

Best Regards,

Antonio Gallardo

View raw message