cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Per Kreipke" <...@onclave.com>
Subject RE: [Q] SunRise roles?
Date Tue, 13 Aug 2002 14:48:11 GMT
> > I can't figure out how or where the SunRise <role> part of
> > authentication is
> > used.
> >
> It is used in the (sunSpot) portal framework for generating
> the profile of a user. But apart from that it's not use.

Ok.

> > Can it be used in the AuthAction to limit access by roles?
> >
> You can write your own component for this, but afaik there
> is currently none already available.
>
> > Is there an example of using them someplace?
> >
> Besides the (big) portal code: I think, no.
>
> > When are all the users with a given role queried?
> >
> For a running system: never. Only the user management web
> application where you can add a new user, add roles etc.
> fetches all users for a given role to make them editable.

Ok.

Follow up questions:

- is there an equivalent call to HTTPServletRequest.isUserInRole() against
the authentication context?

- From what I can tell, the SunRise code doesn't support the notion of
multiple roles per user. It makes the SunRise Authentication support not a
complete replacement for container security.  Perhaps that wasn't the goal
but it's something people will look for.

What's the background for that? Do you think it could be overcome easily
(how?)?

Aside: if I return a list of comma separated roles could the portal still be
made to work?

- I'm not clear why the SessionContextImpl doesn't implement some of the
functions like getNodeList(String path).

Thoughts for doing multiple roles:

+ comma separated list of roles inside <role> (yes, sounds flaky doesn't
it).

+ add to the <data> section

<authentication>
  <ID>per</ID>
  <role>unused</role>
  <data>
    <roles>
      <role>manager</role>
      <role>ibm</role>
      <role>admin</role>
    </roles>
  </data>
</authentication>

But then I immediately ran into trouble trying to iterate over all the
nested <role>s inside <roles> since SessionContextImpl doesn't implement
some of the xpath functions.

Aside: what contexts (besides 'sunRise') is the SessionContextImpl used
instead of SimpleSessionContext?

Per


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


Mime
View raw message