Thaks a lot! ;) Gianluca
Il mer, 2003-12-10 alle 16:55, Ralph Goers ha scritto: > The Cocoon authentication framework does not provide the generator or > PermissionSelector I described below. I wrote those two components for our > needs. Sorry if I misled you, but I was trying to illustrate how you can > tie Cocoon's authentication framework to your own. Basically, you need to > write a generator. The documentation on the authentication framework is at > http://cocoon.apache.org/2.1/developing/webapps/authentication.html. > > As far as redirecting to different pages based upon permissions, that is > only one possibility. It is entirely possible to pass permissions as XML > into a stylesheet to cause the page to be generated differently based on > permissions. > > Ralph > > > -----Original Message----- > > From: Gianluca Sartori [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, December 10, 2003 12:05 AM > > To: [EMAIL PROTECTED] > > Subject: RE: Authentication and Autorization > > > > > > So I use a generator to get User info. Then with the > > PermissionSelector > > I can decide what to do. Uhmm, This means I must redirect to different > > pages depending on permission owned by the user? (stupid question, I > > know, but I'm still studying cocoon, it's a big beast...). > > Sometimes it > > is useful to move the logic from the sitemap into the page and take > > decision in there instead of having multiple pages for each user type. > > Or at least, this is what I've done till now. Probably is not so > > different, anyway. > > > > > The second component is a PermissionSelector which is very > > similar to the > > > ExceptionSelector. When configuring the selector you define > > the permissions > > > that can be checked and then the selector actually checks > > to see if the end > > > user has the requested permission. The selector uses the > > object saved in the > > > session by the generator to do the permission check. > > > > I'll check. Could you point me to some documentation if it exists? > > > > > > Thanks for all, > > Gianluca > > > > > > > > > Ralph > > > > > > > -----Original Message----- > > > > From: Gianluca Sartori [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, December 09, 2003 7:08 AM > > > > To: [EMAIL PROTECTED] > > > > Subject: Authentication and Autorization > > > > > > > > > > > > Hi all, > > > > > > > > I'm adapting an authentication/authorization system we > > > > are using within > > > > normal JSP/servet pages. It consists of a simple class > > which must be > > > > instantiated at the beginning of the page. It knows where > > to redirect > > > > the user for authentication and within the JSP/Servlet > > you can use its > > > > methods to get user information such as the username, fullname, > > > > telephone, etc. > > > > > > > > What's the best place to incapsulate the funcionalities > > > > provided by this > > > > class? I'm buiding an action for authentication purposes > > and I plan to > > > > develop a logicsheet to incapsulate authorization > > primitives so I can > > > > declaratively decide whether to make available some data or not > > > > depending on the current user role. > > > > > > > > Is this the way to go? I thought about incapsulate my > > class into an > > > > action, but this way I don't know how to take > > authorization decisions. > > > > For example I need one "edit" link if the user has the > > "Editors" role, > > > > but none if s/he has the "User" role. I don't want to create two > > > > different pages for this. > > > > > > > > Any help? > > > > > > > > Thanks, > > > > Gianluca > > > > > > > > -- > > > > Gianluca Sartori ELIS - SIE - > > Software Development > > > > > > > > Via Sandro Sandri, 81 (tel) +39 > > 06.43.56.03.55 > > > > 00159 Rome - Italy (fax) +39 > > 06.43.56.03.99 > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > -- > > Gianluca Sartori ELIS - SIE - Software Development > > > > Via Sandro Sandri, 81 (tel) +39 06.43.56.03.55 > > 00159 Rome - Italy (fax) +39 06.43.56.03.99 > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Gianluca Sartori ELIS - SIE - Software Development Via Sandro Sandri, 81 (tel) +39 06.43.56.03.55 00159 Rome - Italy (fax) +39 06.43.56.03.99 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
