cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <cziege...@s-und-n.de>
Subject RE: [Q] SunRise roles?
Date Fri, 16 Aug 2002 08:19:27 GMT
Per Kreipke wrote:
>
> Ah, philosophy :-)
>
Yupp!

Ok, I think we reached a state where it's difficult to say who is right
and who is wrong.

Personally, I think that the meaning of 'groups' and roles is mixed
somewhere in the servlet spec. *My* understanding is that a person
can be in several groups at a time but has at once time only exactly
one role. This understanding might be right or wrong, doesn't matter,
at least these are only words.


>
> 2. In your example, I think you're indicating that some roles are 'larger'
> than others and that the larger ones contain the smaller ones. E.g. the
> rights of the following roles from broadest to narrowest.

No, I didn't want to indicate that. Roles may be disjunctive (I hope this
is the right word).

>
> > If you need this list of possibilities, I would suggest to not use the
> > 'role' entry, but a 'roles' entry. The authentication framework
> > is flexible
> > and can handle this automatically.
>
> Right, <roles> was something I mentioned earlier but it already does so?
> That's news to me :-) How does it do so automatically? Where do I
> start/look?
>
When a user is in the process of being authenticated, the framework calls
the authentication pipeline of the handler. For a successful authentication,
this pipeline returns the authentication XML. You can simple extend
this XML, so that it has an additional <roles> entry parallel to <role>.
So, you can return
<authentication>
   <ID/>
   <role/> <!-- still optional, but required by the portal framework -->
   <roles>a,b,c</roles>
</authentication>

>
> > So, the authentication framework fits nicely into the servlet
> > role handling.
>
> Uh, I think I missed a leap somewhere :-)
>
> Can you please give me a pointer on what you mean? Are you talking about
> returning <roles> inside <data> and then selecting it when needed? Are you
> saying that it can implement Realm based security? You lost me, sorry.
>
So, in your authentication resource, you have to fill the <roles> entry,
this can be done by calling the servlet api and getting the roles
information
from there.
For testing against a role you have to write your own code/component.

Carsten


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


Mime
View raw message