Ronald Wildenberg wrote: > Hi, > > I was thinking of using the pluggable security architecture of MMBase to > implement a custom authentication/authorization scheme. I have several > users that login via an external application. This application adds > headers to the request to confirm that the user was correctly > authenticated (e.g. groups=editor,sr_editor,admin). > > I would like to use this header information in the login method of my own > implementation of org.mmbase.security.Authentication. I thought to use the > 'parameters' parameter for this. However, there is no simple way of > providing parameters to the login method. The login method is used in the > constructor of BasicCloud, where this parameter is set to null. The > BasicCloud constructor is called from BasicCloudContext.getCloud, which is > again called from several places. > > Overriding all this code is not really an option but I would still like to > use some extra information to determine whether a user is allowed to > login. How is this best done?
You could use <mm:cloud method="delegate", I think. This will add request and response objects to your credentials map. Michiel -- Michiel Meeuwissen mihxil' Mediacentrum 140 H'sum [] () +31 (0)35 6772979 nl_NL eo_XX en_US
