You should investigate the authentication framework block before you go too far down the road. It provides much of the functionality you are looking for. We have just completed integrating Cocoon's authorization framework with JAAS and had to write two components to do it. The first component is an authentication generator to perform the authentication and return the required XML to the framework, along with the data to be associated with the user. The generator creates an object which actually performs the authentication. This object is saved in the session for later use.
The second component is a PermissionSelector which is very similar to the ExceptionSelector. When configuring the selector you define the permissions that can be checked and then the selector actually checks to see if the end user has the requested permission. The selector uses the object saved in the session by the generator to do the permission check.

Ralph

> -----Original Message-----
> From: Gianluca Sartori [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 09, 2003 7:08 AM
> To: [EMAIL PROTECTED]
> Subject: Authentication and Autorization
>
> Hi all,
>
> I'm adapting an authentication/authorization system we are using within
> normal JSP/servlet pages. It consists of a simple class which must be
> instantiated at the beginning of the page. It knows where to redirect
> the user for authentication and within the JSP/Servlet you can use its
> methods to get user information such as the username, fullname,
> telephone, etc.
>
> What's the best place to encapsulate the functionalities provided by this
> class? I'm building an action for authentication purposes and I plan to
> develop a logicsheet to encapsulate authorization primitives so I can
> declaratively decide whether to make available some data or not
> depending on the current user role.
>
> Is this the way to go? I thought about encapsulating my class into an
> action, but this way I don't know how to take authorization decisions.
> For example I need one "edit" link if the user has the "Editors" role,
> but none if s/he has the "User" role. I don't want to create two
> different pages for this.
>
> Any help?
>
> Thanks,
> Gianluca
>
> --
> Gianluca Sartori ELIS - SIE - Software Development
>
> Via Sandro Sandri, 81 (tel) +39 06.43.56.03.55
> 00159 Rome - Italy (fax) +39 06.43.56.03.99
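
Added illustration, not part of the original messages and not Ralph's or Cocoon's code: a plain-JDK example of the permission check described in the reply, using the "Editors" and "User" roles from the question. `SessionAuthorizer`, `RolePrincipal` and the permission-to-role map are hypothetical names; it is assumed that a JAAS LoginModule would populate the Subject and that the selector would call `hasPermission` on the object stored in the session.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

public class PermissionCheckExample {

    /** Hypothetical role principal; a JAAS LoginModule would add these at login. */
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof RolePrincipal && ((RolePrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    /** Hypothetical object the generator stores in the session after authentication. */
    static final class SessionAuthorizer {
        private final Subject subject;
        private final Map<String, Set<String>> rolesByPermission;

        SessionAuthorizer(Subject subject, Map<String, Set<String>> rolesByPermission) {
            this.subject = subject;
            this.rolesByPermission = rolesByPermission;
        }

        /** Deny by default: an unknown permission or a missing Subject fails the check. */
        boolean hasPermission(String permission) {
            Set<String> allowed = rolesByPermission.get(permission);
            if (subject == null || allowed == null) return false;
            for (RolePrincipal p : subject.getPrincipals(RolePrincipal.class)) {
                if (allowed.contains(p.getName())) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample configuration: permission name -> roles that grant it.
        Map<String, Set<String>> config =
            Map.of("edit", Set.of("Editors"), "view", Set.of("Editors", "User"));
        Subject user = new Subject();
        user.getPrincipals().add(new RolePrincipal("User"));
        user.setReadOnly(); // roles cannot be changed after login
        SessionAuthorizer auth = new SessionAuthorizer(user, config);
        for (String perm : new String[] {"edit", "view", "delete"}) {
            System.out.println(perm + ": " + auth.hasPermission(perm));
        }
    }
}
```

Because the decision is made on the server against the session object, a single page can render the "edit" link only when the check passes, and the edit action itself should repeat the same check rather than rely on the link being hidden.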
