Return-Path: 
 <cocoon-users-return-50527-apmail-xml-cocoon-users-archive=xml.apache.org@xml.apache.org>
Delivered-To: apmail-xml-cocoon-users-archive@xml.apache.org
Received: (qmail 1848 invoked by uid 500); 13 May 2003 14:05:05 -0000
Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:cocoon-users-help@xml.apache.org>
list-unsubscribe: <mailto:cocoon-users-unsubscribe@xml.apache.org>
list-post: <mailto:cocoon-users@xml.apache.org>
Reply-To: cocoon-users@xml.apache.org
Delivered-To: mailing list cocoon-users@xml.apache.org
Received: (qmail 1796 invoked from network); 13 May 2003 14:05:03 -0000
Received: from vern.chem.tu-berlin.de (130.149.66.116)
  by daedalus.apache.org with SMTP; 13 May 2003 14:05:03 -0000
Received: from vern.chem.tu-berlin.de (localhost [127.0.0.1])
	by vern.chem.tu-berlin.de (8.12.3/8.12.3/SuSE Linux 0.6) with ESMTP id
 h4DE51GD018406
	for <cocoon-users@xml.apache.org>; Tue, 13 May 2003 16:05:01 +0200
Received: from localhost (stephan@localhost)
	by vern.chem.tu-berlin.de (8.12.3/8.12.3/Submit) with ESMTP id h4DE50r3018403
	for <cocoon-users@xml.apache.org>; Tue, 13 May 2003 16:05:00 +0200
X-Authentication-Warning: vern.chem.tu-berlin.de: stephan owned process doing
 -bs
Date: Tue, 13 May 2003 16:05:00 +0200 (CEST)
From: Stephan Michels <stephan@apache.org>
X-X-Sender: stephan@vern.chem.tu-berlin.de
To: "'cocoon-users@xml.apache.org'" <cocoon-users@xml.apache.org>
Subject: Re: Cocoon and security
In-Reply-To: <F36FD02432C1934FBA8256E06D4ADF73023ECDB6@h3gshex1.h3guk.com>
Message-ID: <Pine.LNX.4.44.0305131557370.16961-100000@vern.chem.tu-berlin.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N




On Tue, 13 May 2003, Chris Pratt wrote:

>
>
> > Can some one point me at a decent site with a clear explanation for
> > security / authorization of a site:
> >
> > I have the follwoing in my tomcat-users.xml:
> >
> > <tomcat-users>
> >   <role rolename="admin"/>
> >   <role rolename="operator"/>
> >   <user username="admin" password="admin" roles="admin"/>
> >   <user username="operator" password="operator" roles="operator"/>
> > <tomcat-users>
> >
> > It is easy to tell everyone who can login to go everywhere however:
> > I want to direct those that log on as admin to one place in my site , and
> > operators to another; I have found the following to put in my sitemap.xml
> >
> > <map:match pattern="">
> > <map:select type="parameter">
> > <map:parameter name="parameter-selector-test" value="{../ID}"/>
> > <map:when test="admin">
> >  	<map:generate type="file" src="docs/cphome.xml"/>
> > 	<map:transform type="xslt" src="xslt/simple-page2html.xsl"/>
> > 	<map:serialize type="html"/>
> > 	<map:parameter >name="use-request-parameters" value="true"/>
> > </map:when>
> > <map:when test="operator">
> >  	<map:generate type="file" src="docs/cphomeall.xml"/>
> > 	<map:transform type="xslt" src="xslt/simple-page2html.xsl"/>
> > 	<map:serialize type="html"/>
> > 	<map:parameter >name="use-request-parameters" value="true"/>
> > </map:when>
> >  </map:select>
> > </map:match>
> >
> > But this doesn't work either.... and I am not sure where in the site map a
> > handler goes and no idea what  value="{../ID}" is.
> > Anyway I am sure this should not be this hard, all I want to do is have a
> > couple of people login in if they are admin go here, if operators go there
> > Chris

Write your own selector, which tests if the user have a
special role which request.isUserInRole.

public class UserRoleSelector implements Selector {

    boolean select (String expression, Map objectModel, Parameters
parameters) {

        return ObjectModelHelper.getRequest(objectModel).isUserInRole(expression);
    }
}

Stephan.


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org