I tried to find details in docs and samples, but seems I am quite stupid :) Possibly I missed something improtant? I am currently developing kind of skeleton and guidelines for quite large application to be used for long time - so I want to make things as standard as possible.
Questions are about roles and authorisation/access delimeting.
I understood well (ok, I hope :) ) how authentication works. But what is with authorisation?
Suppose I have some number of roles in authentication xml produced by authentication resource like described here http://cocoon.apache.org/2.1/developing/webapps/authentication.html
Is there any standart mechanism to allow access for particular resources / sitemap parts depending upon roles user has? Something like RoleMatcher?
Another question is about authentication xml format - same doc says quite foggy about multiple roles.
would this be correct? :
<authentication>
<ID>Unique ID of the user in the system</ID>
<roles>
<role>rolename1</role>
<role>rolename2</role>
</roles>
<data>
Any additional optional information can be supplied here.
This will be stored in the session for later retrieval
</data>
</authentication>Any info appreciated.
Andrei Lunyov
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
