Re: [Rife-users] Impl. HTTP Basic Authentication

Wed, 04 Jan 2006 03:36:03 -0800 

thusly spake Geert Bevin:
> 
> instead of trying to explain it differently, I implemented 
> an element that provides you with basic HTTP authentication, 
> integrated with RIFE's memory users.
> 
> You can find it here:
> http://rifers.org/wiki/display/RIFE/HTTP+authentication

This code works fine.  Thanks !

I need to have this code set cookies, for compatibility 
with other code, and I see that the relevant code is in
com.uwyn.rife.authentication.elements.Authenticated.startNewSession().
I wonder if it might make sense to have HttpAuthentication 
_extend_ Authenticated, or perhaps even RoleUserAuthenticated ? 
Perhaps not ... The code as-is is a good example of how 
to write your own standalone authentication element  :) 

Also, I would like HttpAuthentication to accept a _set_ of 
roles, so that a user could login who has _any_ of these 
roles, and then an exit is selected based on the role.
Like so:

        [ sitemap ]
        <element id="HTTPAUTH" implementation="wa.authent.HttpAuthent">
           <property name="role">role1 role2 role3</property>
        </element>

        [ HttpAuthentication ]
        if (theRole.equals ("role1")) redirect ("/foo/menu");
        if (theRole.equals ("role2")) redirect ("/bar/menu");
        if (theRole.equals ("role3")) redirect ("/byob/menu");

I guess then that code for credentials validation could be 
 modified to try each username+password+role combination, 
until one succeeds: 

        SessionManager  sessionMgr = MemorySessionsFactory.getInstance();
        SessionValidator validator = new MemorySessionValidator();
        MemoryUsers credentialsMgr = MemoryUsers.getRepInstance();
        validator.setCredentialsManager(credentialsMgr);
        validator.setSessionManager(sessionMgr);
        validator.setRememberManager(null);

        String username = cred_arr[0];
        String password = cred_arr[1];
        List<String> roles = StringUtils.unpack(getPropertyString("role")); 
        for (String role : roles) {
            RoleUser credentials = new RoleUser(username, password, role);
            if (credentials.validate()) { 
                // succeeded; select appropriate exit
                [..] 


thx

fred

-- 
F.Baube                *  
Georgetown/MSFS/1988   *  Think pangalactically. 
fbaube#saunalahti.fi   *  Act locally.
 gsm  +358 41 536 8192 *  
 wmd   60°11'10.8"N 24°57'36.9"E

_______________________________________________
Rife-users mailing list
[email protected]
http://www.uwyn.com/mailman/listinfo/rife-users

Reply via email to