cocoon-dev mailing list archives

From "Antonio Gallardo" <>
Subject Re: Authentication framework - A new Action for multiple roles.
Date Sun, 18 May 2003 03:38:56 GMT
Hi Tuomo:

Thanks for your answer! Your suggestion really rocks, saving time!

Of course, define all the resources in the sitemap, but using the wildcard
matcher that saves typing. For example:

<map:match pattern="usr-*.html">

can save writing all the pages related to the users:


The keyword will define a group of pages as a whole, and the keyword is sent as a
parameter of the action. For example:

In the case described, the keyword can be "users".

Thanks again, we already included your suggestion in our specifications.

Best regards,

Antonio Gallardo

Tuomo L said:
> Hi Antonio,
> Would it be better to have the resources as "keywords" than as sitemap
> resources? If you have them as sitemap resources (ex.
> "../foo/bar.html"), then they are defined two times: in sitemap and in
> the database table. If the structure of the site changes (new subdirs
> etc.) then one needs to update the database also. The mapping of the
> keywords could be done in the sitemap by feeding the action with the
> keyword:
> <map:match pattern="protected.html">
>   <map:action type="multiple-role-auth-action">
>     <map:parameter name="resource" value="foobar"/>
>     <map:generate src="protected.xml"/>
>     ...
>   </map:action>
>   <map:redirect-to uri="access-denied.html"/>
> </map:match>
> Or is this how you have done it already? If so, forget this. Otherwise,
> comment! :)
> -Tuomo
> On Fri, 16 May 2003, Antonio Gallardo wrote:
>> Hi:
>> Since we need to let more than one role access the same resource, I
>> was re-reading the docs about the authentication framework.
>> The new action will allow us to check permission on a user basis stored
>> in the authentication context session.
>> We build 5 tables into our database:
>> auth_users       - The users that can use the application.
>> auth_roles       - Roles of the users.
>> auth_users-roles - Relation between users and roles.
>> auth_resources   - List of the protected resources
>> auth_permissions - Relationship between roles and resources.
>> As you see from the tables, this allows:
>> 1 user can have ONE OR MORE roles
>> 1 resource can be accessed by ONE OR MORE roles.
>> It will get:
>> 1- The userid from the authentication session context, and
>> 2- The "requested resource" from the processed "request"
>> In the action we will do a simple SQL query that will find the
>> relation between the userid and the resource.
>> If there is a resultSet the action will return a map. Else it will
>> return a NULL map, the action fails.
>> ===================================
>> Here some forms will come into play that will serve as the database
>> interface to the tables:
>> Add user and give them the roles,
>> Edit user including enable or disable user, edit roles of the users.
>> Delete user.
>> Add resources and define the roles that can access these resources.
>> Edit resources, including enable/disable resources, edit the defined roles
>> that access the resource.
>> Delete resource
>> Add role
>> Edit role, including enable/disable role.
>> Delete role.
>> Well this is another use case for the authentication framework.
>> What do you think about this approach, is this correct?
>> Is it possible to create another scenario without creating another action?
>> I also posted this intro here because maybe we can find an approach
>> to authenticate using LDAP or a Java class.
>> Best Regards,
>> Antonio Gallardo
