>>
Looking in the authentication code, the role doesn't appear to be used other
than it's placed in the session context for future use. So...
<<
That is correct.
>>
2.) use the portal (cocoon's) as i'm fairly certain it's used there to
distinguish between the various portal variants.
<<
Also correct. The role is used in the portal so that you can set up
different portals for say "users" vs. "gurus" vs. "admins".
As explained in the documentation, the authentication pipeline must return
XML if the user could be authenticated - the format of that XML is thus:
>>
<authentication>
<ID>Unique user ID</ID>
<role>user role</role> <!-- optional -->
<data>
<!-- application specific data for the user -->
</data>
</authentication>
>>
Notice that the <role> is optional and is only required if you are using the
authentication and portal together. And of course you can use the
authentication framework without the portal.
<plug mode="cheeky">
Did I mention that we offer great Cocoon training courses :-)
</plug>
Matthew
--
Open Source Group Cocoon { Consulting, Training, Projects }
=================================================================
Matthew Langham, S&N AG, Klingenderstrasse 5, D-33100 Paderborn
Tel:+49-5251-1581-30 [EMAIL PROTECTED] - http://www.s-und-n.de
-----------------------------------------------------------------
Cocoon book:
http://www.amazon.com/exec/obidos/ASIN/0735712352/needacake-20
Weblog:
http://radio.weblogs.com/0103021/
=================================================================
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 17, 2002 11:40 AM
To: [EMAIL PROTECTED]
Subject: Re: [C 2.1 CVS] - About roles in user Authentication
Looking in the authentication code, the role doesn't appear to be used other
than it's placed in the session context for future use. So...
1.) you can make use of it somehow by accessing the session context
(authorization I believe)
2.) use the portal (cocoon's) as i'm fairly certain it's used there to
distinguish between the various portal variants.
The RoleFilterTransformer doesn't appear to use this. Rather it uses the
J2EE role found in... web.xml??? I forget, but basically it calls
request.isUserInRole().
Actually I'm assuming it's using hte j2ee role and not the cocoon role. So
maybe you need to look in the request.isUserInRole mehtod to make sure.
MD
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
