I've done mine as Carsten proposed, by using the parameters returned by the AuthAction in the pipeline. Works great for protecting multiple pages!
But if you want to show different things for different users, you will have to use the SessionTransformer. It can be done inside a xsp-page too, but at the moment there is a serious bug with the cocoon: protocol, which prevents one to run the xsp-page through the SessionTransformer before used as a source for the ServerPagesGenerator. Hope this gets fixed soon! -Tuomo On Thu, 5 Sep 2002, Antonio Gallardo Rivera wrote: > Hi Barbara I see you posting always! ;) Thanks, > > So.... Do you mean the best approach is to put the permission to every file > into the <data> element of the "auth-protect" action? Then check this > permission into each page? > > The auth-session data will return something like: > > <authentication> > <ID>userA</ID> > <data> > <create-category>true</create-category> > <edit-category>true</edit-category> > <create-product>false</create-product> > <edit-product>false</edit-product> > </authentication> > > Then in the beginning of each page, checks for: > > <<create-category>> > > <session:getxml > context="authentication" > path="authentication/data/create-category"> > > It will return true or false. > > In this way I can have only 1 handler. Is this the best approach? > > Antonio Gallardo > > > > El Jueves, 05 de Septiembre de 2002 00:42, Barbara Post escribió: > > Hello Antonio, you have somewhere a database, ldap directory or (for tests) > > an xml file storing ID, password, permissions for each user, and then the > > authentication simply happens the way you prefer, with an action etc. > > > > All the pages are protected by the same handler. > > > > Have a nice day, > > > > Babs > > > > ----- Original Message ----- > > From: "Antonio Gallardo Rivera" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, September 05, 2002 8:26 AM > > Subject: [Auth-framwork] - How to manage multiple documents. > > > > > > Hi buddies! > > > > I read about the auth-document in > > http://xml.apache.org/cocoon/developing/webapps/authentication.html > > > > Its a very nice authentication framework! > > > > I have just one question after read that: > > > > Given 4 pages to authenticate: > > > > a) create-category > > b) edit-category > > c) create-product > > d) edit-product. > > > > and 5 users: > > > > userA, userB, userC, userD, userE > > > > and this permission rules: > > > > UserA can acces only pages a,b,c,d > > UserB can acces only pages a,b > > UserC can access only pages: c,d > > UserD can access only pages: a,c > > UserE can access only pages: b,d > > > > How is the best approach to do that with Cocoon? > > > > Of course we dont want that the user need to write his user ID and password > > to > > access every page. > > > > What we can do? > > > > Regards, > > > > Antonio Gallardo > > > > --------------------------------------------------------------------- > > Please check that your question has not already been answered in the > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > > > > > --------------------------------------------------------------------- > > Please check that your question has not already been answered in the > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > > For additional commands, e-mail: <[EMAIL PROTECTED]> > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > > --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
