Uh oh.. why is that a "bad way"? The authentication manager has always confused the heck out of me. I modified HibernateAuthenticator.java from the sample on the wiki so that it doesn't write any role information, scrapped all the configurationmanager stuff, made a Java user object with a Set containing roles, set lazy to false in my Hibernate mapping file, and wrote a basic flow app to add, remove, and edit users. I have this in my user.java:

   public boolean isUserInRole(String role)
   {
       boolean result = false;
       Iterator i = this.roles.iterator();
       while ( i.hasNext() )
       {
           Role tmpRole = (Role)i.next();
           if (tmpRole.getName().equals(role)){result=true;}
       }
       return result;
   }

I call my pipelines from flow something like:

   if (auth_isAuthenticated("auth-handler"))
   {
       if (cocoon.session.getAttribute("usr").isUserInRole("User Admin"))
       {
           cocoon.sendPage("yadada");
       }
   }
   else
   {
       cocoon.sendPage("nopermissions");
   }

Is this the kind of thing you did? If so, why do you think it is bad, and what would be a better idea?

JD
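
A deny-by-default form of the flow-side role check described in this message, as an added example that is not part of the original post or of Cocoon itself. `sendPageIfInRole`, `currentUserHasRole`, `makeUser` and `makeCocoon` are hypothetical names, and the `cocoon` object here is a constructed stand-in so the code runs outside Cocoon; it sends the denial page on every failing path, including an authenticated user who lacks the role.

```javascript
// Added example: deny-by-default role gate for a flow function.
// `cocoon` and `isAuthenticated` are parameters so the gate runs outside
// Cocoon; in a flow script they would be the global `cocoon` object and
// auth_isAuthenticated as used in the message above.
function currentUserHasRole(cocoon, role) {
    var session = cocoon.session;
    var usr = session ? session.getAttribute("usr") : null;
    // No session or no "usr" attribute is treated as "no role".
    return usr != null && usr.isUserInRole(role) === true;
}

// Sends allowedPage only when both checks pass. Every other path (not
// authenticated, no user object, role missing, a check throwing) ends at
// deniedPage, so no request falls through without a response.
function sendPageIfInRole(cocoon, isAuthenticated, handler, role, allowedPage, deniedPage) {
    var allowed = false;
    try {
        allowed = isAuthenticated(handler) === true && currentUserHasRole(cocoon, role);
    } catch (e) {
        allowed = false; // a failing check must never grant access
    }
    var page = allowed ? allowedPage : deniedPage;
    cocoon.sendPage(page);
    return page;
}

// Constructed stand-ins (assumptions) for the session user and `cocoon`.
function makeUser(roleNames) {
    return { isUserInRole: function (r) { return roleNames.indexOf(r) !== -1; } };
}
function makeCocoon(usr) {
    var sent = [];
    return {
        sent: sent,
        session: { getAttribute: function (n) { return n === "usr" ? usr : null; } },
        sendPage: function (uri) { sent.push(uri); }
    };
}

// Runs the gate for four constructed requests and returns the pages sent.
function demo() {
    var yes = function () { return true; }, no = function () { return false; };
    var run = function (usr, authed) {
        return sendPageIfInRole(makeCocoon(usr), authed, "auth-handler",
                                "User Admin", "yadada", "nopermissions");
    };
    return [run(makeUser(["User Admin"]), yes), run(makeUser(["Reader"]), yes),
            run(makeUser(["User Admin"]), no), run(null, yes)];
}
```
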


Hugo Burm wrote:

I needed something like this, so I used the standard flow example to do
authentication with the default Authentication manager and then implemented
some "after-burner" in flow script that checked whether the role of the user
(which was already authenticated at that point) had sufficient rights for
the area he wanted to access. This is a bad solution (but it works for
me...)

Then I checked how the (old) portal solved this. They use the default
authentication manager to login, and then there is an action that checks for
each portlet whether the user has sufficient rights for this portlet.

All Authentication manager methods in the Authentication framework depend on
the username only. I would be interested in an implementation where a role
is involved.

For a post related to this subject see
http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=108195396222907&w=2
(see the last paragraph about the role issue).




-----Original Message-----
From: Frangos, Nick (SAPOL) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 1:40 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Registering own Authentication Manager


For your curiosity: I want to use my own AuthenticationManager to do role-based authentication. I have already written an Authenticator, which gets the user's info, along with their roles. But based on the roles, I want access control to certain areas of the sitemap.


Nick Frangos





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






