cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Langham" <mlang...@s-und-n.de>
Subject RE: [C 2.1 CVS] - About roles in user Authentication
Date Thu, 17 Oct 2002 09:57:12 GMT
>>
Looking in the authentication code, the role doesn't appear to be used other
than it's placed in the session context for future use.  So...
<<
That is correct.

>>
2.) use the portal (cocoon's) as i'm fairly certain it's used there to
distinguish between the various portal variants.
<<
Also correct. The role is used in the portal so that you can set up
different portals for say "users" vs. "gurus" vs. "admins".

As explained in the documentation, the authentication pipeline must return
XML if the user could be authenticated - the format of that XML is thus:

>>
<authentication>
    <ID>Unique user ID</ID>
    <role>user role</role>           <!-- optional -->

    <data>
        <!-- application specific data for the user -->
    </data>
</authentication>
>>

Notice that the <role> is optional and is only required if you are using the
authentication and portal together. And of course you can use the
authentication framework without the portal.

<plug mode="cheeky">
Did I mention that we offer great Cocoon training courses :-)
</plug>

Matthew

--
Open Source Group       Cocoon { Consulting, Training, Projects }
=================================================================
Matthew Langham, S&N AG, Klingenderstrasse 5, D-33100 Paderborn
Tel:+49-5251-1581-30  mlangham@s-und-n.de - http://www.s-und-n.de
-----------------------------------------------------------------
Cocoon book:
  http://www.amazon.com/exec/obidos/ASIN/0735712352/needacake-20
Weblog:
  http://radio.weblogs.com/0103021/
=================================================================


-----Original Message-----
From: Markdelanoy@aol.com [mailto:Markdelanoy@aol.com]
Sent: Thursday, October 17, 2002 11:40 AM
To: cocoon-users@xml.apache.org
Subject: Re: [C 2.1 CVS] - About roles in user Authentication


Looking in the authentication code, the role doesn't appear to be used other
than it's placed in the session context for future use.  So...

1.) you can make use of it somehow by accessing the session context
(authorization I believe)
2.) use the portal (cocoon's) as i'm fairly certain it's used there to
distinguish between the various portal variants.

The RoleFilterTransformer doesn't appear to use this.  Rather it uses the
J2EE role found in...  web.xml???  I forget, but basically it calls
request.isUserInRole().

Actually I'm assuming it's using hte j2ee role and not the cocoon role.   So
maybe you need to look in the request.isUserInRole mehtod to make sure.

MD

---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


Mime
View raw message