What happens if the XML in your authentication pipeline like this:
<authentication>
<ID>Unique ID of the user in the system</ID>
<roles>
<role>read-access</role>
<role>write-access</role>
</roles>
<data>
Any additional optional information can be supplied here.
This will be stored in the session for later retrieval
</data>
</authentication>
This is my situation, how can the ParameterSelector be used in this case
with the example code you provided?.
I was thinking of writing my own Selector which would have read the XML from
the session, then test the roles for the user against the test used for the
selector.
<map:select type="MySelector">
<map:when test=" read-access">
...
</map:when>
....
</map:select>
So if the user had this role contained in the authentication XML, then true
would be returned.
Nick Frangos
-----Original Message-----
From: Ralph Goers [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 27 October 2004 2:43 PM
To: [EMAIL PROTECTED]
Subject: Re: Registering own Authentication Manager
You don't need a new selector. Return the user's role in the XML from
your authentication pipeline like this:
<authentication>
<ID>Unique ID of the user in the system</ID>
<role>rolename</role> <!-- optional -->
<data>
Any additional optional information can be supplied here.
This will be stored in the session for later retrieval
</data>
</authentication>
Then use the ParameterSelector like this:
<map:select type="parameter">
<map:parameter name="parameter-selector-test"
value="{session-context:/authentication/role}"/>
<map:when test="Administrator">
...
</map:when>
<map:when test="ReqularUser">
...
</map:when>
<map:otherwise>
...
</map:otherwise>
</map:select>
This works if the user only has a single role.
Frangos, Nick (SAPOL) wrote:
>An Authentication Manager which handles roles would be the better way to do
>this, as you would not have to write any flow script. All that would be
>required is to pass in the role to the Authentication Manager, to gain
>access in a specific area of the sitemap. Is there any plans by Carsten and
>co. to implement something like this. I could write something myself, but
as
>a general rule I try not to extend the cocoon framework but use it as is.
>
>An alternative approach which I kind of like is to write a user roles
>Selector, and use that to control role based access. This was suggested in
>an earlier reply and I think it would work nicely because once the selector
>is written, the rest of the logic is contained within the sitemap itself.
>
>Nick Frangos
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
