Per Kreipke wrote: > > > I think that the restriction you describe (one role per user) > means that the > SunRise authentication is potentially mis-using the word 'role'. You're > using it to denote a profile name, nothing more. It'll never > really replace > (or integrate with) roles in the Servlet or permissions sense if it's > restricted to one role at a time. > No, I don't agree with your definition of 'role' - take acting as an example. A role in acting is one single role and not a bunch of possible roles an actor plays. - If an actor plays several persons he plays several roles but not a role with a comma separated list.
If you login into a system (and this is not related to Cocoon but to any system), you get a specific role with this login - you are either manager, administrator, user or guest - you are not at the same time manager and guest. That doesn't make sense. You can be either manager and guest, theoretically - but at one time you are only one of them. And you can switch your role. If you need this list of possibilities, I would suggest to not use the 'role' entry, but a 'roles' entry. The authentication framework is flexible and can handle this automatically. So, the authentication framework fits nicely into the servlet role handling. Carsten --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
