Guido Casper wrote:
var contextMan = cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
var authContext = contextMan.getContext("authentication");
var userfrag = authContext.getXML("/authentication/ID");
var rolefrag = authContext.getXML("/authentication/data/role");
user.username = Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(userfrag);
user.role = Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(rolefrag);
Thank you very much for it.
If you have multiple roles adjust accordingly and better put it within a Java component.
Yes, and that's the reason I wanted to write my auth action.
There is also already an input module to pass this info from the sitemap via:
<map:parameter name="username" value="{session-context:authentication/authentication/ID}"/>
Thanks. This I found in the documentation but I don't like such stuff in sitemap. It's to much detailed, I like the sitemap clear.
I'm thinking of auth action similiar to the existing one but that additionallty have:
<map:parameter name="role" value="admin,editor">
and besides of checking if the user is authenticated it'll check if he is in specified role(s).
I've written this but encoutered problems with lost context.
Please note that the authentication context is only available from within protected sections.
O! Maybe this is the problem I'll check this. But does it mean that every map:match must be in auth-protect? What about the internal pipelines, resources, aggregations that are used from "first level" pipelines? Do they also have to to be protected?
Regards, mirko
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
