cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <>
Subject RE: Refined authentication: directory open for users, subdirectory for subgroup of users?
Date Tue, 18 Nov 2003 19:26:22 GMT
Just an idea how to solve this:
- during authentication you can pass the group information in the XML
  that is stored in the session.
- you can then write a "is-in-group"-selector and use that in the sitemap.
So if someone wants to access students/group 2, the selector looks in the
authentication xml stored in the session and grants only access if the
user is in the appropriate role.


> -----Original Message-----
> From: Sandor Spruit []
> Sent: Monday, November 17, 2003 6:07 AM
> To:
> Subject: Refined authentication: directory open for users, subdirectory
> for subgroup of users?
> Hello all,
> Having studied the authentication example more carefully, I now realize 
> how lazy I've been last Thursday - when I posted a question answered in 
> the Cocoon 2.1.x documentation. Sorry for that :) Still, I haven't been 
> able to get *exactly* what I had in mind. I'm even wondering whether it 
> is possible at all! I would like a file system stucture like this:
> <cocoon root>
>     students
>        group 1
>           student A
>           student B
>           ...
>           student Z
>        group 2
>        ...
>        group N
> I've a directory on my file system called 'students' below the root of 
> my Cocoon-based webapp. I can protect this directory, using the method 
> outlined in the 'authentication-fw' sample that comes with Cocoon. Now 
> I'd like to give access to the subdirectories, based on user subgroups:
> All students can access students/*
> Students in group 1 has additional access to students/group1/*
> Student A has additional access to students/group1/studentA/*
> etc.
> I could use a handler (as per the authentification framework) with an 
> internal pipeline. An XML doc for userlist, filter it using parameters 
> and a XSL-transformer. There are two ways to get this done, I think:
> 1. Authentification elements in the subsitemap in each (sub)directory
> 2. Detailed matching, multiple (nested?) elements at the top level
> The problem is that I want students to study and edit their own sitemap. 
> Option #1 exposes the entire authentification mechanism to the students. 
> Option #2 would require me to define all the pipelines in the toplevel 
> sitemap, bypassing any subsitemaps in the students' directories. Right?!
> Any hints much appreciated,
> Sandor Spruit
> --
> Information and Computing Sciences, Utrecht University
> Contact information, see:
> "Our minds are harnessed by knowledge, by the hill and the will
> to succeed". From: Fish, "Vigil in a wilderness of mirrors"
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message