cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bart Molenkamp" <b.molenk...@bizzdesign.nl>
Subject RE: Cocoon and security (JAAS or J2EE??)
Date Tue, 21 Sep 2004 14:08:44 GMT
Okay, that probably solves my problem!

> -----Original Message-----
> From: Carsten Ziegeler [mailto:cziegeler@apache.org]
> Sent: Tuesday, September 21, 2004 4:08 PM
> To: dev@cocoon.apache.org
> Subject: RE: Cocoon and security (JAAS or J2EE??)
> 
> Bart Molenkamp wrote:
> >
> > I'm currently using that block, and wrote a pipeline that
> > simply puts the request.getUserPrincipal().getName() (or
> > whatever the API call is
> > exactly) to authenticate a user (well, the user is already
> > authenticated but it lets the authentication framework know
> > that the user is authenticated). That works fine.
> >
> > I also know that I can protect documents with that framework,
> > but how can I specify that only users with a specific role
> > can view that document (pipeline)? Do I need to write my own
> > sitemap components for that (e.g. an action)?
> >
> This is one solution, yes.
> 
> But you can also include the role information in the authenticator,
> which means the Document you return could add a "guest" element,
> if the user is in this role etc.
> Then in the sitemap, the auth-protect action that you use to
> protect your pipeline, returns all elements as keys to the
> included sitemap components:
> <act type="auth-protect">
>    <!-- Conf for action -->
>    <!-- You can check for the "guest" role here: -->
> </act>
> 
> You can do the test with the parameter selector, e.g.
> 
> HTH
> Carsten


Mime
View raw message