Hi,
I am modifying somebody else's Cocoon application.
I need to disallow users with some specific role
to see certain parts of the screen (pseudo-menu).
An existing mechanism for that is:
  <xsl:variable name='isUser'
      select='/root/secure:securityProfile/secure:roles/secure:role[.="mbr-user"]'/>
  ...
  <xsl:if test='not($isUser)'>
    <td><a href="sil/main_sil" target="_parent">
      <img src="images/common/sitenav.gif" width="114" height="45"
           border="0" /></a></td>
  </xsl:if>
That "mbr-user" role is configured in web.xml & database,
the user has this role [defined in the database].
That seems to work on initial page [index.xsl],
but doesn't work on subsequent pages (in another folder).
Any clues why it doesn't and how to fix that?
(everything else works fine)
Thank you in advance,
Oleg.
--- Oleg Konovalov <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I am trying to configure my Cocoon application
> so that particular role has access only to
> the app root [login.xsl, index.xsl]
> but not to other directories.
>
> But it seems that as soon as I put "/" or "/*",
> it gets access to all directories under the root.
>
> Snippet from web.xml:
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>App Root only</web-resource-name>
>       <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>role1</role-name>
>     </auth-constraint>
>   </security-constraint>
>
> How do I restrict access to the root only?
>
>
> Thank you in advance,
> Oleg.
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
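
The url-pattern behaviour described in the quoted message, as an added example that is not part of the original thread: a simplified Python model of how a servlet container picks the best-matching url-pattern for a security-constraint (exact match, then longest path prefix, then extension, then the default "/"). The request paths, the role name role2 and the ROOT_ONLY layout are assumptions made for illustration.

```python
# Added example: simplified model of Servlet url-pattern matching for
# <security-constraint>. Paths and "role2" are constructed assumptions.

def match_rank(pattern, path):
    """Return a specificity rank if pattern covers path, else None."""
    if pattern == path:
        return (3, len(pattern))                  # exact match
    if pattern.endswith("/*"):
        prefix = pattern[:-2]                     # "/*" -> "", "/sil/*" -> "/sil"
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))               # path prefix, longest wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                             # extension match
    if pattern == "/":
        return (0, 0)                             # default: whatever is left
    return None

def allowed_roles(constraints, path):
    """Roles named by the best-matching pattern; None if nothing covers path."""
    hits = [(match_rank(p, path), roles) for p, roles in constraints]
    hits = [(rank, roles) for rank, roles in hits if rank is not None]
    if not hits:
        return None
    best = max(rank for rank, _ in hits)
    role_sets = [roles for rank, roles in hits if rank == best]
    # An auth-constraint naming no roles denies everyone and overrides the rest.
    return set() if any(not s for s in role_sets) else set().union(*role_sets)

def can_access(constraints, role, path):
    roles = allowed_roles(constraints, path)
    return roles is None or role in roles         # uncovered paths are open

# The constraint as posted: one prefix pattern that covers every path.
AS_POSTED = [("/*", {"role1"})]

# Constructed alternative: exact patterns for the two root pages, and
# everything else left to a hypothetical second role.
ROOT_ONLY = [
    ("/login.xsl", {"role1", "role2"}),
    ("/index.xsl", {"role1", "role2"}),
    ("/*", {"role2"}),
]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("root only", ROOT_ONLY)):
        for path in ("/index.xsl", "/sil/main_sil"):
            print(name, path, "role1 ->", can_access(rules, "role1", path))
```

A path that no pattern covers comes back as None from allowed_roles, which the model treats as unconstrained, so a layout built from exact patterns needs a catch-all entry to stay closed by default.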