cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JD Daniels ...@datatrio.com>
Subject Re: Registering own Authentication Manager
Date Tue, 26 Oct 2004 16:31:34 GMT
Uh oh.. why is that a "bad way"? The authentication manager has always 
confused the heck out of me,  I modified HibernateAuthenticator.java 
from the sample on the wiki so that it doesn't write any role 
information, scrapped all the configurationmanager stuff, made a java 
user object with a Set containing roles, in my hibernate mapping file, 
set lazy to false, and wrote a basic flow app to add, remove, edit 
users, and have this in my user.java:

    public boolean isUserInRole(String role)
    {
        boolean result = false;
        Iterator i = this.roles.iterator();
        while ( i.hasNext() )
        {
            Role tmpRole = (Role)i.next();
            if (tmpRole.getName().equals(role)){result=true;}
        }
        return result;
    }

I call my pipelines from flow something like:

    if (auth_isAuthenticated("auth-handler"))
    {
        if(cocoon.session.getAttribute("usr").isUserInRole("User Admin"))
        {
                cocooon.sendPage("yadada");
         }
     }
     else
      {
            cocoon.sendPage("nopermissions");
       }

Is this the kind of thing you did? If so, why do you think it is bad, 
and what would be a better idea?

JD


Hugo Burm wrote:

>I needed something like this, so I used the standard flow example to do
>authentication with the default Authentication manager and then implemented
>some "after-burner" in flow script that checked whether the role of the user
>(which was already authenticated at that point) had sufficient rights for
>the area he wanted to access. This is a bad solution (but it works for
>me...)
>
>Then I checked how the (old) portal solved this. They use the default
>authentication manager to login, and then there is an action that checks for
>each portlet whether the user has sufficient rights for this portlet.
>
>All Authentication manager methods in the Authentication framework depend on
>the username only. I would be interested in an implementation where a role
>is involved.
>
>For a post related to this subject see
>http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=108195396222907&w=2
>(see the last paragraph about the role issue).
>
>
>  
>
>>-----Original Message-----
>>From: Frangos, Nick (SAPOL) [mailto:nick.frangos@police.sa.gov.au]
>>Sent: Tuesday, October 26, 2004 1:40 AM
>>To: 'users@cocoon.apache.org'
>>Subject: RE: Registering own Authentication Manager
>>
>>
>>For your curiosity:
>>I want to use my own AuthenticationManager to do role based
>>authentication.
>>I have already written an Authenticor, which gets the users
>>info, along with
>>there roles. But based on the roles, I want access-control to
>>certain areas
>>of the sitemap.
>>
>>
>>Nick Frangos
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>For additional commands, e-mail: users-help@cocoon.apache.org
>
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message