cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Upayavira>
Subject Re: Authentication and Autorization
Date Tue, 09 Dec 2003 15:49:45 GMT
Gianluca Sartori wrote:

>Hi all,
>	I'm adapting an authentication/authorization system we are using within
>normal JSP/servet pages. It consists of a simple class which must be
>instantiated at the beginning of the page. It knows where to redirect
>the user for authentication and within the JSP/Servlet you can use its
>methods to get user information such as the username, fullname,
>telephone, etc.
>What's the best place to incapsulate the funcionalities provided by this
>class? I'm buiding an action for authentication purposes and I plan to
>develop a logicsheet to incapsulate authorization primitives so I can
>declaratively decide whether to make available some data or not
>depending on the current user role.
>Is this the way to go? I thought about incapsulate my class into an
>action, but this way I don't know how to take authorization decisions.
>For example I need one "edit" link if the user has the "Editors" role,
>but none if s/he has the "User" role. I don't want to create two
>different pages for this.
>Any help?
I've just done the same thing, and I used a combination of flow, Woody 
and JXTemplate to achieve it. I found it delightful to use.

If your component is just straight Java, then you can probably use it 
unmodified from Flow, and on the basis of its decisions decide which 
pages to show to users.

Regards, Upayavira

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message