Antonio, this is my approach since I have many pages/rights to check... and it seems that it's secure and (maybe too ?) simple to write... But maybe your further processing will work better with another approach. In my case xsl checks the right (indeed from session:getxml) and then displays one thing or another.
Interesting thread anyway :-) Barbara ----- Original Message ----- From: "Antonio Gallardo Rivera" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 05, 2002 9:08 AM Subject: Re: [Auth-framwork] - How to manage multiple documents. Hi Barbara I see you posting always! ;) Thanks, So.... Do you mean the best approach is to put the permission to every file into the <data> element of the "auth-protect" action? Then check this permission into each page? The auth-session data will return something like: <authentication> <ID>userA</ID> <data> <create-category>true</create-category> <edit-category>true</edit-category> <create-product>false</create-product> <edit-product>false</edit-product> </authentication> Then in the beginning of each page, checks for: <<create-category>> <session:getxml context="authentication" path="authentication/data/create-category"> It will return true or false. In this way I can have only 1 handler. Is this the best approach? Antonio Gallardo El Jueves, 05 de Septiembre de 2002 00:42, Barbara Post escribió: > Hello Antonio, you have somewhere a database, ldap directory or (for tests) > an xml file storing ID, password, permissions for each user, and then the > authentication simply happens the way you prefer, with an action etc. > > All the pages are protected by the same handler. > > Have a nice day, > > Babs > > ----- Original Message ----- > From: "Antonio Gallardo Rivera" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 05, 2002 8:26 AM > Subject: [Auth-framwork] - How to manage multiple documents. > > > Hi buddies! > > I read about the auth-document in > http://xml.apache.org/cocoon/developing/webapps/authentication.html > > Its a very nice authentication framework! > > I have just one question after read that: > > Given 4 pages to authenticate: > > a) create-category > b) edit-category > c) create-product > d) edit-product. > > and 5 users: > > userA, userB, userC, userD, userE > > and this permission rules: > > UserA can acces only pages a,b,c,d > UserB can acces only pages a,b > UserC can access only pages: c,d > UserD can access only pages: a,c > UserE can access only pages: b,d > > How is the best approach to do that with Cocoon? > > Of course we dont want that the user need to write his user ID and password > to > access every page. > > What we can do? > > Regards, > > Antonio Gallardo > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]> --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
