I made my own solution :) I use the auth-block from Cocoon. Then I added some permisions to user to define some actions they can do.
After that before I generate the new page I check if the user can the access to the page using <session:getxml>. I know this is not the best approach. But it initially works.... I am planning to create a new Action for the sitemap.The idea is to put this action after the standard user authentication. Once the user is authenticated (isLoggedIn). I can read some "permissions" of this user from the session. If the user "has" the permission to see the page the action return "OK". Then the generation continues. If not, I send a simple page: "You have not permission". Regards, Antonio Gallardo El Martes, 29 de Octubre de 2002 11:42, Bruno Dumon escribió: > On Tue, 2002-10-29 at 06:29, Ivelin Ivanov wrote: > > A few other people asked the same question recently. > > > > My personal believe is that security is orthogonal to Cocoon and belongs > > to the J2EE container. > > > > If you will have the time, please consider submitting a HOWTO patch to > > Cocoon's bugzilla on using Tomcat security with Cocoon. > > We used the Tomcat-security-approach in a project, so I quickly wrote > down some notes about how to do it. You can find it in the wiki: > http://outerthought.net/wiki/Wiki.jsp?page=AuthWithTomcat --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>