cocoon-users mailing list archives

From footh <>
Subject RE: Authentication-fw: two quick questions
Date Wed, 24 May 2006 16:24:51 GMT
Thanks for the reply.

I was hoping for something a little bit simpler than
creating or modifying a transformer, like something
that was configurable in the sitemap.  I'll take a
look at those options though.

Every page flows through a single javaflow so I could
check for the Admin role there and control access to
pages in the admin section.  However, that would
require me to hardcode the admin directory in code
which I would hate to do.

I do pass a variable to the pages if the user is an
administrator so based on your suggestion, I might be
able to do something with that.  I'll give it a try.

--- Andrew Stevens <> wrote:

> >From: footh <>
> >Date: Tue, 23 May 2006 10:22:59 -0700 (PDT)
> >
> >I've newly implemented cocoon's auth-fw and have a
> >couple of questions.
> Unfortunately, I've not used the auth framework much, so I can't help with
> the first one.
> >The second question has to do with roles.  I have a
> >protected area which has an admin section that only
> >users with the "admin" role can access.  Are there any
> >creative solutions for getting this to work with just
> >one auth handler?  I'd like for the user to only have
> >to login once (ie, not use a separate "admin
> >handler").
> RoleFilterTransformer, maybe?
> It'd be a bit tricky integrating that with the auth-fw, though, as it uses
> the request's isUserInRole method rather than the authentication context the
> auth-fw provides.  You could always create a servlet filter that extracts
> the auth information from the session and overrides isUserInRole in a
> request wrapper.  Or just use the RoleFilterTransformer as the basis for a
> similar transformer that uses the role information from the context instead
> of isUserInRole.
> Alternatively, you can use the session transformer to extract any role
> information from the authentication context, then use it in an XSL template
> to filter out other elements if the required role isn't in it.  See "Getting
> information from the context" in
> Hope this helps,
> Andrew.

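The servlet-filter route suggested in the quoted reply (read the auth information from the session and override isUserInRole in a request wrapper), as an added example that is not code from this thread or from Cocoon. It assumes the login step stores a Set of role names under a session attribute; the attribute name and class names below are hypothetical, and the auth-fw's own context layout is not shown on this page.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Makes request.isUserInRole() answer from role names kept in the HTTP session. */
public class SessionRoleFilter implements Filter {
    // ASSUMPTION: hypothetical attribute that the login step fills with a Set<String>.
    static final String ROLES_ATTR = "example.auth.roles";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);          // non-HTTP request: nothing to wrap
            return;
        }
        HttpServletRequest http = (HttpServletRequest) req;
        chain.doFilter(new RoleRequest(http, rolesOf(http)), res);
    }

    /** Reads roles without creating a session; missing or malformed data yields no roles. */
    static Set<String> rolesOf(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        Object value = (session == null) ? null : session.getAttribute(ROLES_ATTR);
        Set<String> roles = new HashSet<String>();
        if (value instanceof Set) {
            for (Object o : (Set<?>) value) {
                if (o instanceof String) roles.add((String) o);
            }
        }
        return Collections.unmodifiableSet(roles);
    }

    /** Wrapper seen by everything downstream, including code that calls isUserInRole. */
    static final class RoleRequest extends HttpServletRequestWrapper {
        private final Set<String> roles;
        RoleRequest(HttpServletRequest request, Set<String> roles) {
            super(request);
            this.roles = roles;
        }
        @Override public boolean isUserInRole(String role) {
            // Session roles first, then whatever the container itself knows.
            return role != null && (roles.contains(role) || super.isUserInRole(role));
        }
    }
}
```

The filter has to be mapped in web.xml in front of the Cocoon servlet so the wrapped request is the one the pipeline sees. Roles are read once per request, so a change to the session attribute takes effect on the next request.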