Hi Geert,
actually I have already implemented the comma separated roles ;). But I
thought I have missed something in the docs as usual.
I think it is OK to say that roles should not contain a comma. The
easiest solution would be to add a property named roles where a comma
separated list of roles can be entered. This should solve 98% of the needs.
I don't like separators too and the cleanest way I think is something like:
<element id="AuthClient" extends="rife/authenticated/memory.xml">
<property name="password_encryption">SHA</property>
<roles>
<role name="Admin"/>
<role name="Client"/>
</roles>
<property name="authvar_type">cookie</property>
<property name="template_name">authentication.admin</property>
<submission name="credentials">
<param name="login"/>
<param name="password"/>
</submission>
<childtrigger name="authid"/>
</element>
But is it really a restriction to disallow role names with commas ?
Ciao
Matthias
Geert Bevin schrieb:
> Hi Matthias,
>
> properties are key-value pairs, so if you set it multiple times, the
> last one will replace the earlier one. However, I'm surprised that I
> never ran into this multiple role problem before. Now that I think of
> it, I always had clearly defined sections of the sites I developed
> where when authentication was used, there was always one role that
> corresponded. When several roles applied, I always had information to
> show to everyone, and I used the user identification facility
> (http://rifers.org/wiki/display/RIFE/User+identification+facility
> ).
>
> Now, you should be able to quite easily support multiple roles for
> authentication elements since you already have a custom
> CredentialsManager. You could for instance separate different roles
> with commas and then adapt your verifyCredentials(Credentials) method
> to properly handle the separation of the roles.
>
> I'd like to support this by default in RIFE though since it seems like
> a shameful oversight. Have to think about how to best do this in a
> backwards compatible way (you never know if someone uses commas in his
> role names!).
>
> Hope this helps,
>
> Geert
>
>
> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>
>
>> Hi,
>>
>> My CredentialsManager works perfect evrything looked good but now I am
>> stuck again. I have an Element that can be used from admins and
>> users. I
>> defined this with:
>>
>> <element id="AuthClient" extends="rife/authenticated/
>> memory.xml">
>> <property name="password_encryption">SHA</property>
>> <property name="role">Client</property>
>> <property name="role">Admin</property>
>> <property name="authvar_type">cookie</property>
>> <property name="template_name">authentication.admin</
>> property>
>> <property
>> name
>> =
>> "credentialsmanagerfactory_class
>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>> <submission name="credentials">
>> <param name="login"/>
>> <param name="password"/>
>> </submission>
>>
>> <childtrigger name="authid"/>
>> </element>
>>
>> and
>>
>> <element id="CustomerChangePw"
>>
>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>> url="/customerchangepw" inherits="AuthClient">
>> <inbean name="customer" prefix="pre_"
>>
>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>> <autolink srcexit="CustomerList"/>
>> </element>
>>
>> Everything works fine when I login with accounts that have the admin
>> rolle assigned to. When I try to login as normal user I always get an
>> invalid credentials error.
>>
>> When debugging my CredentialsManager I checked the credentials I get
>> as
>> parameter in the verifyCredentials method the credentials with
>> password
>> and username as expected but the role is always set to Admin. When I
>> remove the Admin role form the AuthClient element the role is always
>> set
>> to Client. Shouldn' t the credentials given containing all the roles
>> allowed for the element ?
>>
>> Where is my fault ?
>>
>
> --
> Geert Bevin
> Terracotta - http://www.terracotta.org
> Uwyn "Use what you need" - http://uwyn.com
> RIFE Java application framework - http://rifers.org
> Music and words - http://gbevin.com
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"rife-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rife-users?hl=en
-~----------~----~----~----~------~----~------~--~---
