forrest-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gunther Sablon <>
Subject Re: access control - user roles by sitemap
Date Wed, 21 Dec 2005 09:32:04 GMT
Dear Helena,
- the specification of the mechanism for authentication is specified in 
In particular, look for the different example realm sections.
- the specification of the authorisation can be specified in web.xml. 
In particular, in the security-constraint section you can specify
a) a web-resource-collection section which specifies a url-pattern
b) an auth-constraint section which specifies a sequence of roles.
In login-config you have to specify the authentication method.
In security-roles you have to list the different roles used in the 
auth-constraint sections.
Best regards,

Helena Edelson wrote:

> That should work,
> are you saying to handle auth in server.xml and parts in web.xml?
> thank you.
> helena
> Gunther Sablon wrote:
>> Hi,
>> we are running forrest as a webapp in Tomcat.
>> We use the authentication mechanisms of Tomcat:
>> - before we had users  in tomcat_users.xml; currently they are in 
>> LDAP (can be setup in server.xml)
>> - web.xml specifies the parts of the site that need authentication.
>> There is no connection to the sitemap, so maybe I have misunderstood 
>> your question...
>> Best regards,
>> Gunther
>> Helena Edelson wrote:
>>> thanks. will do.
>>> i am also working on i18n stuff. when i figure it out,
>>> i was thinking it might be help ful to write a how to.
>>> everything so far seems
>>> fractured in terms of the steps to take to implement.
>>> there are many if then's and info is everywhere, from
>>> docs to jira to cocoon docs..
>>> helena
>>> Ross Gardler wrote:
>>>> Helena Edelson wrote:
>>>>> Is there any way using sitemap  to manage user roles
>>>>> via a  login to control roles
>>>>> access to app pages for user_role_a
>>>>> disallow access for user_role_b type of thing?
>>>> Depends on whether you are running in dynamic mode or not.
>>>> In static mode you would have to use the mechanisms provided by 
>>>> your web server for protecting access to certain resources. On the 
>>>> Apache HTTPD server that would be using .htaccess files.
>>>> In this case you simply provide the relevant .htaccess files in 
>>>> along with your XDocs and they will (theoretically) be copied over 
>>>> when you build the site. I say theoretically because I have not, 
>>>> personally, tried this. Let us know if you try it and it works 
>>>> (preferably in the form of a contribution to our docs).
>>>> If you are running in dynamic mode you can, theoretically, use the 
>>>> Cocoon Authentication framework [1]. Again, I say theoretically 
>>>> because it I'm not aware of anyone having done this yet. If you 
>>>> want to go this route then it is really a dev topic, so please move 
>>>> this to the dev list where we can help guide you and (hopefully) 
>>>> you can write us a How-To on making it work.
>>>> Ross
>>>> [1] 

Gunther Sablon 
Luciad ** Parijsstraat 74 ** 3000 Leuven
tel:    +32 / 16 / 26 28 30

View raw message