cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grzegorz Sikora <>
Subject Re: Authorization (not Authentication) in Cocoon Auth. framework
Date Wed, 06 Apr 2005 21:30:47 GMT
Hello Elad,

Wednesday, April 6, 2005, 2:20:12 PM, you wrote:

ME> Context etc. This is good, but I also need to check if the
ME> user - now that I know it has been authenticated - has the
ME> authorization of accessing the specific resource.

ME>         I was looking for an "Authorizator" interface, or
ME> something similar, to allow me a hook where I can introduce the
ME> code that will use the user's Role, with my database of
ME> permissions. I cannot seem to find it..

AFAIK despite what doc says: "One central point in building a web application is
authentication and authorization. The Cocoon authentication framework is a flexible module
for authentication, authorization and user management."
- Cocoon dont have any resource authorization support. I've created
for own usage slighty modificated auth-protect action which is role
sensitive. It looks like ordinary auth-protect action but requires
role list which can access body of action (stuff between
<map:act></map:act>). If role doesnt match user is redirected to
page with info 'insufficient privileges'.

It's really simple, just look at source code of this
action to get idea how to modify it. Anyway I can send you pice of code...
Best regards,
 Grzegorz Sikora

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message