RE: sunRise User Administration for Dummies

Sun, 13 Oct 2002 23:06:50 -0700 

Have you guys read the documentation? The authentication framework is
explained in detail here:
http://xml.apache.org/cocoon/developing/webapps/index.html

Let me know if you have any additional questions.

Matthew

--
Open Source Group       Cocoon { Consulting, Training, Projects }
=================================================================
Matthew Langham, S&N AG, Klingenderstrasse 5, D-33100 Paderborn
Tel:+49-5251-1581-30  [EMAIL PROTECTED] - http://www.s-und-n.de
-----------------------------------------------------------------
Cocoon book:
  http://www.amazon.com/exec/obidos/ASIN/0735712352/needacake-20
=================================================================



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, October 12, 2002 3:07 AM
To: [EMAIL PROTECTED]
Subject: Re: sunRise User Administration for Dummies


I've looked at the user admin and the authentication in general.  (not the
sunrise scratchpad but what's now in the main branch).

As best as I can figure there's a generator that works with the
AuthenticationManager to create an interactive page to get users, a user,
roles, a role, create a user, create a role, update a user, delete a user,
delete a role.  These simply call the various corresponding resources that
you set up with the sitemap.xml (authentication manager section within the
components).  As far as I can tell nothing is really done with them apart
from what you do in the resource.  so the UI really calls the resource that
you configured and you do something with it.  Whatever occurs is not
automagically used within Cocoon's authentication.

Hypersonic appears to only be used for sample applications not for
authentication.  so no users, roles or the association between the two is
stored.  I've found absolutely no JDBC code within the authenication/session
pieces.

My reason for looking into this was from a scalability point of view.  I
like Hypersonic DB for prototyping but not for serious production code.  So
i was trying to make sure this wasn't being used at all for authenication.
The usage of resources allows you to use your own persistence mechanism,
e.g. LDAP, database, XML file, etc.

Also I was looking at the session management.  My gripe is that it uses
HttpSession and didn't make use of calling out to resources as the
authentication manager did.  If the user wanted to use HttpSession or the
database or... let them do that in the called resource.  So ideally there's
a getProperties and a saveProperties resource (oh well).

Also the roles is really confusing, as within the authentication manager
it's not used at all as far as I can tell (it's probably used in the
portal).  There's a roleFilterTransformer that goes off of the J2EE role
that you'd set for the web.xml and use the isUserInRole method.  That's all
the transformer does.  it doesn't actually use the role from the
authentication manager???  so these are unrelated pieces of code.

So the role information that you return from the authenication resource
appears to be left to the developer to make use of somehow, assuming they're
not using Cocoon's portal offering.  I'm fairly certain the portal uses the
role but I've not looked at the portal component at all.

hope that helps.  md





> At 19:57 11/10/2002 -0800, you wrote:
> >Hi Guys,
> >
> >Can anybody give me anything...
> >I really don't have any clear idea on how to start on this...
> >Any working samples...
> >
> >Thanks Again.
> >Richard
> >
> >---------------------------------------------------------
> >
> >----- Original Message -----
> >From: Richard Reyes
> >To: C2 Users
> >Sent: Friday, October 11, 2002 3:14 PM
> >Subject: sunRise User Administration for Dummies
> >
> >
> >Hi Guys,
> >
> >How does the SunRise User Administration function?
> >
> >Are the Roles and Users saved in a Database?
> >
> >Do we have any tutorials?
> >
> >Thanks in Advance...
> >
> >Richard
> >
> >---------------------------------------------------------------------
> >Please check that your question  has not already been answered in the
> >FAQ before posting.     <
TITLE="http://xml.apache.org/cocoon/faq/index.html>"
TARGET="_blank">http://xml.apache.org/cocoon/faq/index.html>
> >
> >To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
> >For additional commands, e-mail:   <[EMAIL PROTECTED]>
>
>
> ---------------------------------------------------------------------
> Please check that your question  has not already been answered in the
> FAQ before posting.     <
TITLE="http://xml.apache.org/cocoon/faq/index.html>"
TARGET="_blank">http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <[EMAIL PROTECTED]>

---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>

Reply via email to