Bart Molenkamp wrote:
>
> Hi all,
>
> I've been looking for a good method of securing Cocoon web
> applications.
> I think that authentication/authorization via JAAS or via the
> web container are good methods. Are there any implementations
> available that integrate Cocoon and these security mechanisms?
>
> And if so, what are the possibilities of declarative security
> and authorisation in sitemaps? E.g. declaring that a pipeline
> can only be executed by users with a specific role?
>

You could use the authentication-fw block and write your own Authenticator for it. The authenticator is the connection between your Cocoon application and the security mechanism used.

I think some time ago there were some guys who developed such an Authenticator - at least I think I saw it on the users list. Anyway, writing such an Authenticator is really simple. Once you have done this, you can configure it using the authentication framework and can then use declarative security in your sitemap (or in flow). You can test if the user is authenticated, if he is in a role, etc.

HTH
Carsten
