From: Grzegorz Sikora
To: "Messing, Elad"
Date: Wed, 6 Apr 2005 23:30:47 +0200
Subject: Re: Authorization (not Authentication) in Cocoon Auth. framework

Hello Elad,

Wednesday, April 6, 2005, 2:20:12 PM, you wrote:

ME> Context etc.
ME> This is good, but I also need to check if the
ME> user - now that I know it has been authenticated - has the
ME> authorization of accessing the specific resource.

ME> I was looking for an "Authorizator" interface, or
ME> something similar, to allow me a hook where I can introduce the
ME> code that will use the user's Role, with my database of
ME> permissions. I cannot seem to find it..

AFAIK, despite what the doc says:

"One central point in building a web application is authentication and
authorization. The Cocoon authentication framework is a flexible module
for authentication, authorization and user management."

- Cocoon doesn't have any resource authorization support.

I've created for my own usage a slightly modified auth-protect action which
is role sensitive. It looks like the ordinary auth-protect action but requires
a role list which can access the body of the action (stuff between ). If the
role doesn't match, the user is redirected to a page with the info
'insufficient privileges'. It's really simple, just look at the source code of
this action to get an idea of how to modify it. Anyway, I can send you a piece
of code...

--
Best regards,
Grzegorz Sikora
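
The decision a role-sensitive protect action of the kind described above has to make, as an added example in plain Java (not the poster's code and not Cocoon's own API). The comma-separated role-list parameter and all class and method names are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical role gate; names and the role-list format are assumptions. */
public class RoleGate {

    enum Decision { ALLOW, REDIRECT_LOGIN, REDIRECT_INSUFFICIENT_PRIVILEGES }

    /** Parse the action's comma-separated role list, dropping blanks. */
    static Set<String> parseRoles(String csv) {
        Set<String> roles = new HashSet<>();
        if (csv == null) return roles;
        for (String r : csv.split(",")) {
            String t = r.trim();
            if (!t.isEmpty()) roles.add(t);
        }
        return roles;
    }

    /**
     * In a Cocoon action, ALLOW would map to returning a non-null Map (the
     * body of the action runs); the other outcomes redirect and return null.
     */
    static Decision decide(boolean authenticated, Set<String> userRoles, String allowedCsv) {
        // Authentication comes first: an anonymous user goes to the login page.
        if (!authenticated) return Decision.REDIRECT_LOGIN;
        Set<String> allowed = parseRoles(allowedCsv);
        // Deny by default: a missing or empty role list must not open the resource.
        if (allowed.isEmpty() || userRoles == null) {
            return Decision.REDIRECT_INSUFFICIENT_PRIVILEGES;
        }
        // Exact, case-sensitive match so "Admin" is never treated as "admin".
        for (String role : userRoles) {
            if (role != null && allowed.contains(role.trim())) return Decision.ALLOW;
        }
        return Decision.REDIRECT_INSUFFICIENT_PRIVILEGES;
    }

    public static void main(String[] args) {
        // Constructed sample users and role lists.
        Set<String> editor = new HashSet<>(Arrays.asList("editor"));
        System.out.println(decide(false, editor, "admin,editor")); // anonymous
        System.out.println(decide(true, editor, "admin, editor")); // role matches
        System.out.println(decide(true, editor, "admin"));         // wrong role
        System.out.println(decide(true, editor, " , "));           // empty list
    }
}
```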