RE: authorization of a subproject

Fri, 11 Jan 2002 10:09:43 -0800 

Pino,

We control access to our entire project using nested match patters like
this:

<map:match pattern="*">
        <map:act type="session-validator">
                <map:parameter name="descriptor"
value="context://descriptors/params.xml"/>
                <map:parameter name="validate" value="username,password"/>

                <map:match pattern="*.xhtml">
                        <map:read src="xhtml/{1}.xhtml"
mime-type="text/html"/>
                </map:match>

                ... other matchers...

        </map:act>
        <map:redirect-to uri="login"/>
</map:match>


The * match pattern is the first filtered match which then falls through to
other matchers.  In this manner the session-validator makes certain a vaild
session is available (with username and password which is set on
authorization).

Ciao,

Aaron


-----Original Message-----
From: Giuseppe Di Pierri [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 11, 2002 11:15 AM
To: [EMAIL PROTECTED]
Subject: authorization of a subproject


Hi Guys,

need help for easly manage Access Control Lists.

I would have more than one protected area, under which dozen of pages have
to be protected by means of session-validator action.

Is it possible to declare in sitemap.xmap (one level up to each protected
areas) something like that (not exactly the same of course ) ?


<map:match pattern="protected/*">
  <map:act type="session-validator">
    <map:parameter name="descriptor" value="params.xml"/>
    <map:parameter name="validate" value="username"/>
      <map:mount uri-prefix="protected" src="protected/"
check-reload="yes"/>
  </map:act>
  <map:redirect-to uri="AuthorizationFailure.html"/>
</map:match>

The purpose is to protect an entire subproject, without mention
session-validation for each of its pages.

Thank you in advance for your answer

Regards

Pino



---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>

---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>

To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>

Reply via email to