cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bart Molenkamp" <b.molenk...@bizzdesign.nl>
Subject RE: Cocoon and security (JAAS or J2EE??)
Date Tue, 21 Sep 2004 13:59:22 GMT
I'm currently using that block, and wrote a pipeline that simply puts
the request.getUserPrincipal().getName() (or whatever the API call is
exactly) to authenticate a user (well, the user is already authenticated
but it lets the authentication framework know that the user is
authenticated). That works fine.

I also know that I can protect documents with that framework, but how
can I specify that only users with a specific role can view that
document (pipeline)? Do I need to write my own sitemap components for
that (e.g. an action)?

Bart.

> -----Original Message-----
> From: Carsten Ziegeler [mailto:cziegeler@apache.org]
> Sent: Tuesday, September 21, 2004 3:52 PM
> To: dev@cocoon.apache.org
> Subject: RE: Cocoon and security (JAAS or J2EE??)
> 
> Bart Molenkamp wrote:
> 
> >
> > Hi all,
> >
> > I've been looking for a good method of securing Cocoon web
> > applications.
> > I think that authentication/authorization via JAAS or via the
> > web container are good methods. Are there any implementations
> > available that integrate Cocoon and these security mechanisms?
> >
> > And if so, what are the possibilities of declarative security
> > and authorisation in sitemaps? E.g. declaring that a pipeline
> > can only be executed by users with a specific role?
> >
> You could use the authentication-fw block and write an own
> Authenticator for it. The authenticator is the connection
> between your Cocoon application and the used security mechanism.
> 
> I think a time ago there were some guys that have developed
> such an Authenticator - at least I think I saw it on the users
> list.
> 
> Anyways, writing such an Authenticator is really simple. Once
> you have done this, you can configure it using the authentication
> framework and can then use declarative security in your sitemap
> (or in flow). You can test, if the user is authenticated, if
> he is in a role etc.
> 
> HTH
> Carsten


Mime
View raw message