Having changed from a PHP-based public site, to a Magnolia-based one,
I'm looking at changing a PHPlib-constrained secure (SSL) site over to a
magnolia-based one. I intend to use DataSourceRealm & Form-based
authentication to constrain resources. I can connect the API to the
table of users used by PHPlib.
I tend to think on Magnolia security as something you implement for
content providers rather than your site users. Does anyone use Magnolia
security for their site users? Is there a user limit, or number that
becomes cumbersome if exceeded?
Sometimes I customize a pages navigation according to role. I know I can
redirect to alternate pages according to role, and have done that, but
have found I can check for roles in the users session and display
particular links if they have the role.
I'd like to use SimpleNavigation to generate my site tree, but can't
think of a way customize it based on DataSourceRealm role. If a user is
denied access to a resource, it gets suppressed from appearing in
SimpleNavigation, doesn't it?
If I did deny access to a resource, and simpleNavigation could test and
supress links according to the roles in the container realm as well as
the Magnolia realm, I think that those (container authenticated users)
who had the link would be prompted to log on by Magnolia security (a
second login).
I know there are issues with allowing other processes to interface with
Magnolia security, and this may be an apples (container security) to
oranges (Magnolia security) kind of thing, but maybe someone has a
completely different approach to this sort of issue?
Since interfacing with Magnolia security doesn't seem plausible, I guess
I need to code a custom method using Magnolia API that produces a list
like SimpleNavigation but also uses
'request.isUserInRole("some_sub_group")' when deciding to show a link or
not? I don't know how to complie taglibs, so would just put the
scriptlet in a leftnav.jsp file.
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
