I needed something like this, so I used the standard flow example to do authentication with the default Authentication manager and then implemented some "after-burner" in flow script that checked whether the role of the user (which was already authenticated at that point) had sufficient rights for the area he wanted to access. This is a bad solution (but it works for me...)
Then I checked how the (old) portal solved this. They use the default authentication manager to login, and then there is an action that checks for each portlet whether the user has sufficient rights for this portlet. All Authentication manager methods in the Authentication framework depend on the username only. I would be interested in an implementation where a role is involved. For a post related to this subject see http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=108195396222907&w=2 (see the last paragraph about the role issue). > -----Original Message----- > From: Frangos, Nick (SAPOL) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 26, 2004 1:40 AM > To: '[EMAIL PROTECTED]' > Subject: RE: Registering own Authentication Manager > > > For your curiosity: > I want to use my own AuthenticationManager to do role based > authentication. > I have already written an Authenticor, which gets the users > info, along with > there roles. But based on the roles, I want access-control to > certain areas > of the sitemap. > > > Nick Frangos > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
