An Authentication Manager which handles roles would be the better way to do this, as you would not have to write any flow script. All that would be required is to pass in the role to the Authentication Manager, to gain access in a specific area of the sitemap. Is there any plans by Carsten and co. to implement something like this. I could write something myself, but as a general rule I try not to extend the cocoon framework but use it as is.
An alternative approach which I kind of like is to write a user roles Selector, and use that to control role based access. This was suggested in an earlier reply and I think it would work nicely because once the selector is written, the rest of the logic is contained within the sitemap itself. Nick Frangos -----Original Message----- From: Hugo Burm [mailto:[EMAIL PROTECTED] Sent: Tuesday, 26 October 2004 8:21 PM To: [EMAIL PROTECTED] Subject: RE: Registering own Authentication Manager I needed something like this, so I used the standard flow example to do authentication with the default Authentication manager and then implemented some "after-burner" in flow script that checked whether the role of the user (which was already authenticated at that point) had sufficient rights for the area he wanted to access. This is a bad solution (but it works for me...) Then I checked how the (old) portal solved this. They use the default authentication manager to login, and then there is an action that checks for each portlet whether the user has sufficient rights for this portlet. All Authentication manager methods in the Authentication framework depend on the username only. I would be interested in an implementation where a role is involved. For a post related to this subject see http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=108195396222907&w=2 (see the last paragraph about the role issue). > -----Original Message----- > From: Frangos, Nick (SAPOL) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 26, 2004 1:40 AM > To: '[EMAIL PROTECTED]' > Subject: RE: Registering own Authentication Manager > > > For your curiosity: > I want to use my own AuthenticationManager to do role based > authentication. > I have already written an Authenticor, which gets the users > info, along with > there roles. But based on the roles, I want access-control to > certain areas > of the sitemap. > > > Nick Frangos > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
