Hi Matthias,
I was thinking along the same lines, but instead with something
generic, like:
<property name="role">
<list>
<item>Client</item>
<item>Admin</item>
</list>
</property>
This would then create a list with those two item added to it.
When used with Java to build the element, this would even be easier:
.addProperty("role", Arrays.asList(new String[] {"Client", "Admin"}));
What do you think?
Best regards,
Geert
On 22 May 2008, at 12:51, Matthias Barmeier wrote:
>
> Hi Geert,
>
> actually I have already implemented the comma separated roles ;).
> But I
> thought I have missed something in the docs as usual.
>
> I think it is OK to say that roles should not contain a comma. The
> easiest solution would be to add a property named roles where a comma
> separated list of roles can be entered. This should solve 98% of the
> needs.
>
> I don't like separators too and the cleanest way I think is
> something like:
>
> <element id="AuthClient" extends="rife/authenticated/
> memory.xml">
> <property name="password_encryption">SHA</property>
> <roles>
> <role name="Admin"/>
> <role name="Client"/>
> </roles>
> <property name="authvar_type">cookie</property>
> <property name="template_name">authentication.admin</
> property>
> <submission name="credentials">
> <param name="login"/>
> <param name="password"/>
> </submission>
>
> <childtrigger name="authid"/>
> </element>
>
> But is it really a restriction to disallow role names with commas ?
>
> Ciao
> Matthias
>
>
> Geert Bevin schrieb:
>> Hi Matthias,
>>
>> properties are key-value pairs, so if you set it multiple times, the
>> last one will replace the earlier one. However, I'm surprised that I
>> never ran into this multiple role problem before. Now that I think of
>> it, I always had clearly defined sections of the sites I developed
>> where when authentication was used, there was always one role that
>> corresponded. When several roles applied, I always had information to
>> show to everyone, and I used the user identification facility
>> (http://rifers.org/wiki/display/RIFE/User+identification+facility
>> ).
>>
>> Now, you should be able to quite easily support multiple roles for
>> authentication elements since you already have a custom
>> CredentialsManager. You could for instance separate different roles
>> with commas and then adapt your verifyCredentials(Credentials) method
>> to properly handle the separation of the roles.
>>
>> I'd like to support this by default in RIFE though since it seems
>> like
>> a shameful oversight. Have to think about how to best do this in a
>> backwards compatible way (you never know if someone uses commas in
>> his
>> role names!).
>>
>> Hope this helps,
>>
>> Geert
>>
>>
>> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>>
>>
>>> Hi,
>>>
>>> My CredentialsManager works perfect evrything looked good but now
>>> I am
>>> stuck again. I have an Element that can be used from admins and
>>> users. I
>>> defined this with:
>>>
>>> <element id="AuthClient" extends="rife/authenticated/
>>> memory.xml">
>>> <property name="password_encryption">SHA</property>
>>> <property name="role">Client</property>
>>> <property name="role">Admin</property>
>>> <property name="authvar_type">cookie</property>
>>> <property name="template_name">authentication.admin</
>>> property>
>>> <property
>>> name
>>> =
>>> "credentialsmanagerfactory_class
>>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>> <submission name="credentials">
>>> <param name="login"/>
>>> <param name="password"/>
>>> </submission>
>>>
>>> <childtrigger name="authid"/>
>>> </element>
>>>
>>> and
>>>
>>> <element id="CustomerChangePw"
>>>
>>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>> url="/customerchangepw" inherits="AuthClient">
>>> <inbean name="customer" prefix="pre_"
>>>
>>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>> <autolink srcexit="CustomerList"/>
>>> </element>
>>>
>>> Everything works fine when I login with accounts that have the admin
>>> rolle assigned to. When I try to login as normal user I always get
>>> an
>>> invalid credentials error.
>>>
>>> When debugging my CredentialsManager I checked the credentials I get
>>> as
>>> parameter in the verifyCredentials method the credentials with
>>> password
>>> and username as expected but the role is always set to Admin. When I
>>> remove the Admin role form the AuthClient element the role is always
>>> set
>>> to Client. Shouldn' t the credentials given containing all the roles
>>> allowed for the element ?
>>>
>>> Where is my fault ?
>>>
>>
>> --
>> Geert Bevin
>> Terracotta - http://www.terracotta.org
>> Uwyn "Use what you need" - http://uwyn.com
>> RIFE Java application framework - http://rifers.org
>> Music and words - http://gbevin.com
>>
>>
>>>
>>
>
> >
--
Geert Bevin
Terracotta - http://www.terracotta.org
Uwyn "Use what you need" - http://uwyn.com
RIFE Java application framework - http://rifers.org
Music and words - http://gbevin.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"rife-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rife-users?hl=en
-~----------~----~----~----~------~----~------~--~---
