> Could you please tease us with samples
> from your maveric.xml file?

Here it goes:

Global view defs:

<views>
  <view id="authenticationFailed"   type="redirect" path="/default.vm"/>
  <view id="authenticationRequired" type="redirect" path="/default.vm"/>
  <view id="authorizationFailed"    type="redirect" path="/default.vm"/>
</views>


Login command that uses LoginController (currently the login controller
does nothing but extend AuthenticationController, so I could just use
AuthenticationController directly):

<command name="login">
  <controller class="authentication.LoginController">
    <!-- form param is used by ValidationController -> FormProc -->
    <param name="form" value="loginForm" />
  </controller>
  <view name="success" type="redirect" path="secure/introduction.m"/>
  <view name="input"   path="default.vm"/>
  <view ref="authenticationFailed"/>
  <view ref="authenticationRequired"/>
</command>

Settings command that uses MySettingsController, which extends
AuthorizationController:

<command name="secure/settings">
  <controller class="settings.MySettingsController">
    <!--
        The rolesRequired parameter is used by AuthorizationController.
        I simply use the database to check if the user is in a particular
        role, so I have a usr table, a role table and a usr_role table
        (for the many-to-many association).
    -->
    <param name="rolesRequired" value="administrator user" />
  </controller>
  <view name="success" path="/WEB-INF/web/secure/settings/default.vm"/>
  <view ref="authenticationFailed"/>
  <view ref="authenticationRequired"/>
  <view ref="authorizationFailed"/>
</command>

> How do you configure views for a controller that
> extends from AuthorizationController?

Ok... the main thing is that I do not display anything to the user that
needs a role this particular user is not in. If the user somehow
manages to get to a page that is protected (or someone - an admin -
changes his permissions while the user is using the system), then I send
the user to a logon page or whatever that tells the user that he was not
part of the needed role and that maybe he would like to log on with some
other account; and if he logs on with the same account that failed
authorization, then this function is not displayed to the user anymore.

If I ever need to do one of these (Authentication, Authorization,
Validation) differently, then I just replace them with another
implementation, or maybe I write something that is even more modular and
pluggable at runtime.

I'm also thinking that I could use transformations so that I can write
view controllers like this:

<controller class="settings.MySettingsController">
  <authorization>
    <role-accepted>administrator</role-accepted>
    <role-accepted>user</role-accepted>
  </authorization>
</controller>

Or maybe I need to group roles to some groups like this:

Global definitions:

<authorization-groups>
  <authorization-group id="administration">
    <role-accepted>administrator</role-accepted>
  </authorization-group>
  <authorization-group id="powerUsers">
    <role-accepted>administrator</role-accepted>
    <role-accepted>powerUser</role-accepted>
  </authorization-group>
  <authorization-group id="normalUsers">
    <role-accepted>administrator</role-accepted>
    <role-accepted>powerUser</role-accepted>
    <role-accepted>user</role-accepted>
  </authorization-group>
</authorization-groups>

Then in controller I could use something like this:

<controller class="settings.MySettingsController">
  <authorization ref="normalUsers"/>
</controller>

And then maybe I could transform that to:

<controller class="settings.MySettingsController">
  <authorization>
    <role-accepted>administrator</role-accepted>
    <role-accepted>powerUser</role-accepted>
    <role-accepted>user</role-accepted>
  </authorization>
</controller>

That is finally translated to:

<controller class="settings.MySettingsController">
  <param name="rolesRequired" value="administrator powerUser user" />
</controller>

What do you think?


Regards
Aapo Laakkonen
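The group expansion Aapo sketches above (authorization-group -> role-accepted -> rolesRequired param) followed by the role check the param feeds, as an added, self-contained example in Python. This is not code from the post or from Maverick; the config is a constructed sample shaped like the fragments above, the element and parameter names (authorization-groups, role-accepted, rolesRequired) are taken from the post, and two choices are my own assumptions: the check is "user holds at least one listed role" (which is what rolesRequired="administrator user" on the settings command suggests), and a reference to an unknown group or an empty role list is rejected at expansion time rather than silently yielding a controller that everyone, or no one, can reach.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the post or from Maverick), shaped like
# the <authorization-groups> and <authorization ref="..."> fragments above.
SAMPLE_XML = """
<maverick>
  <authorization-groups>
    <authorization-group id="administration">
      <role-accepted>administrator</role-accepted>
    </authorization-group>
    <authorization-group id="powerUsers">
      <role-accepted>administrator</role-accepted>
      <role-accepted>powerUser</role-accepted>
    </authorization-group>
    <authorization-group id="normalUsers">
      <role-accepted>administrator</role-accepted>
      <role-accepted>powerUser</role-accepted>
      <role-accepted>user</role-accepted>
    </authorization-group>
  </authorization-groups>
  <command name="secure/settings">
    <controller class="settings.MySettingsController">
      <authorization ref="normalUsers"/>
    </controller>
  </command>
  <command name="secure/users">
    <controller class="admin.UserAdminController">
      <authorization>
        <role-accepted>administrator</role-accepted>
      </authorization>
    </controller>
  </command>
</maverick>
"""


def _role_names(parent):
    """Collect the non-empty <role-accepted> texts directly under an element."""
    roles = [(r.text or "").strip() for r in parent.findall("role-accepted")]
    return [r for r in roles if r]


def load_groups(root):
    """Map authorization-group id -> list of accepted roles; duplicate ids are an error."""
    groups = {}
    for group in root.iter("authorization-group"):
        gid = group.get("id")
        if not gid or gid in groups:
            raise ValueError("missing or duplicate authorization-group id: %r" % gid)
        groups[gid] = _role_names(group)
    return groups


def expand_config(xml_text):
    """Rewrite every <authorization> under a <controller> into the
    <param name="rolesRequired" .../> form that AuthorizationController reads.

    Assumption (fail closed): an unknown group reference or an empty role list
    raises instead of producing a controller with a silent, wrong requirement."""
    root = ET.fromstring(xml_text)
    groups = load_groups(root)
    # list() first, because the controllers are mutated while the tree is walked
    for controller in list(root.iter("controller")):
        auth = controller.find("authorization")
        if auth is None:
            continue
        ref = auth.get("ref")
        if ref is not None:
            if ref not in groups:
                raise KeyError("authorization ref to unknown group %r" % ref)
            roles = groups[ref]
        else:
            roles = _role_names(auth)
        if not roles:
            raise ValueError("authorization for %s lists no roles" % controller.get("class"))
        controller.remove(auth)
        ET.SubElement(controller, "param", name="rolesRequired", value=" ".join(roles))
    return root


def roles_required(root, command_name):
    """Return the rolesRequired list for a command, or [] if it carries none."""
    for cmd in root.iter("command"):
        if cmd.get("name") == command_name:
            for param in cmd.iter("param"):
                if param.get("name") == "rolesRequired":
                    return param.get("value", "").split()
    return []


def authorized(user_roles, required):
    """Any-of check (assumed semantics of rolesRequired="administrator user"):
    the user must hold at least one listed role. For a controller that does
    require authorization, an empty requirement is a config error, so deny."""
    if not required:
        return False
    return not set(user_roles).isdisjoint(required)


if __name__ == "__main__":
    cfg = expand_config(SAMPLE_XML)
    print(ET.tostring(cfg, encoding="unicode"))
    for cmd in ("secure/settings", "secure/users"):
        need = roles_required(cfg, cmd)
        print(cmd, need, "user ->", authorized(["user"], need))
```

The expansion is done once at config load, so the controllers keep reading the plain rolesRequired param exactly as in the settings command above; the group indirection never reaches the runtime check, which is what makes the error checks at expansion time worthwhile.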


