Bart Molenkamp wrote: > > I'm currently using that block, and wrote a pipeline that > simply puts the request.getUserPrincipal().getName() (or > whatever the API call is > exactly) to authenticate a user (well, the user is already > authenticated but it lets the authentication framework know > that the user is authenticated). That works fine. > > I also know that I can protect documents with that framework, > but how can I specify that only users with a specific role > can view that document (pipeline)? Do I need to write my own > sitemap components for that (e.g. an action)? > This is one solution, yes.
But you can also include the role information in the authenticator, which means the Document you return could add a "guest" element, if the user is in this role etc. Then in the sitemap, the auth-protect action that you use to protect your pipeline, returns all elements as keys to the included sitemap components: <act type="auth-protect"> <!-- Conf for action --> <!-- You can check for the "guest" role here: --> </act> You can do the test with the parameter selector, e.g. HTH Carsten
