cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mirko <>
Subject Re: Authentication: access role info in sitemap
Date Fri, 28 May 2004 13:17:45 GMT
Guido Casper wrote:

> var contextMan = 
> cocoon.getComponent(;

> var authContext = contextMan.getContext("authentication");
> var userfrag = authContext.getXML("/authentication/ID");
> var rolefrag = authContext.getXML("/authentication/data/role");
> user.username = 
> user.role = 

Thank you very much for it.

> If you have multiple roles adjust accordingly and better put it within a 
> Java component.

Yes, and that's the reason I wanted to write my auth action.

> There is also already an input module to pass this info from the sitemap 
> via:
> <map:parameter name="username" 
> value="{session-context:authentication/authentication/ID}"/>

Thanks. This I found in the documentation but I don't like such stuff in 
sitemap. It's to much detailed, I like the sitemap clear.
I'm thinking of auth action similiar to the existing one but that 
additionallty have:
<map:parameter name="role" value="admin,editor">
and besides of checking if the user is authenticated it'll check if he 
is in specified role(s).
I've written this but encoutered problems with lost context.

> Please note that the authentication context is only available from 
> within protected sections.

O! Maybe this is the problem I'll check this. But does it mean that 
every map:match must be in auth-protect? What about the internal 
pipelines, resources, aggregations that are used from "first level" 
pipelines? Do they also have to to be protected?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message