Return-Path: Delivered-To: apmail-cocoon-users-archive@www.apache.org Received: (qmail 20633 invoked from network); 9 Dec 2003 15:51:12 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 9 Dec 2003 15:51:12 -0000 Received: (qmail 19251 invoked by uid 500); 9 Dec 2003 15:50:57 -0000 Delivered-To: apmail-cocoon-users-archive@cocoon.apache.org Received: (qmail 19230 invoked by uid 500); 9 Dec 2003 15:50:56 -0000 Mailing-List: contact users-help@cocoon.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: users@cocoon.apache.org Delivered-To: mailing list users@cocoon.apache.org Received: (qmail 19217 invoked from network); 9 Dec 2003 15:50:56 -0000 Received: from unknown (HELO out2.smtp.messagingengine.com) (66.111.4.26) by daedalus.apache.org with SMTP; 9 Dec 2003 15:50:56 -0000 X-Sasl-enc: 5Hl6P2s87JufKcvRF6HdMg 1070985057 Received: from upaya.co.uk (unknown [213.48.13.34]) by www.fastmail.fm (Postfix) with ESMTP id 2577946ADE8 for ; Tue, 9 Dec 2003 10:50:57 -0500 (EST) Message-ID: <3FD5EF19.40704@upaya.co.uk> Date: Tue, 09 Dec 2003 15:49:45 +0000 From: Upayavira User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 X-Accept-Language: en-us, en MIME-Version: 1.0 To: users@cocoon.apache.org Subject: Re: Authentication and Autorization References: <1070982490.1493.144.camel@ego.elis.org> In-Reply-To: <1070982490.1493.144.camel@ego.elis.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Gianluca Sartori wrote: >Hi all, > > I'm adapting an authentication/authorization system we are using within >normal JSP/servet pages. It consists of a simple class which must be >instantiated at the beginning of the page. It knows where to redirect >the user for authentication and within the JSP/Servlet you can use its >methods to get user information such as the username, fullname, >telephone, etc. > >What's the best place to incapsulate the funcionalities provided by this >class? I'm buiding an action for authentication purposes and I plan to >develop a logicsheet to incapsulate authorization primitives so I can >declaratively decide whether to make available some data or not >depending on the current user role. > >Is this the way to go? I thought about incapsulate my class into an >action, but this way I don't know how to take authorization decisions. >For example I need one "edit" link if the user has the "Editors" role, >but none if s/he has the "User" role. I don't want to create two >different pages for this. > >Any help? > >Thanks, >Gianluca > > > I've just done the same thing, and I used a combination of flow, Woody and JXTemplate to achieve it. I found it delightful to use. If your component is just straight Java, then you can probably use it unmodified from Flow, and on the basis of its decisions decide which pages to show to users. Regards, Upayavira --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org For additional commands, e-mail: users-help@cocoon.apache.org