Okay, that probably solves my problem!
> -----Original Message-----
> From: Carsten Ziegeler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 21, 2004 4:08 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Cocoon and security (JAAS or J2EE??)
>
> Bart Molenkamp wrote:
> >
> > I'm currently using that block, and wrote a pipeline that
> > simply puts the request.getUserPrincipal().getName() (or
> > whatever the API call is
> > exactly) to authenticate a user (well, the user is already
> > authenticated but it lets the authentication framework know
> > that the user is authenticated). That works fine.
> >
> > I also know that I can protect documents with that framework,
> > but how can I specify that only users with a specific role
> > can view that document (pipeline)? Do I need to write my own
> > sitemap components for that (e.g. an action)?
> >
> This is one solution, yes.
>
> But you can also include the role information in the authenticator,
> which means the Document you return could add a "guest" element,
> if the user is in this role etc.
> Then in the sitemap, the auth-protect action that you use to
> protect your pipeline, returns all elements as keys to the
> included sitemap components:
> <act type="auth-protect">
> <!-- Conf for action -->
> <!-- You can check for the "guest" role here: -->
> </act>
>
> You can do the test with the parameter selector, e.g.
>
> HTH
> Carsten
