From: footh <[EMAIL PROTECTED]>
Date: Tue, 23 May 2006 10:22:59 -0700 (PDT)
I've newly implemented cocoon's auth-fw and have a
couple of questions.
Unfortunately, I've not used the auth framework much, so I can't help with
the first one.
The second question has to do with roles. I have a
protected area which has an admin section that only
users with the "admin" role can access. Are there any
creative solutions for getting this to work with just
one auth handler? I'd like for the user to only have
to login once (ie, not use a separate "admin
handler").
RoleFilterTransformer, maybe?
It'd be a bit tricky integrating that with the auth-fw, though, as it uses
the request's isUserInRole method rather than the authentication context the
auth-fw provides. You could always create a servlet filter that extracts
the auth information from the session and overrides isUserInRole in a
request wrapper. Or just use the RoleFilterTransformer as the basis for a
similar transformer that uses the role information from the context instead
of isUserInRole.
Alternatively, you can use the session transformer to extract any role
information from the authentication context, then use it in an XSL template
to filter out other elements if the required role isn't in it. See "Getting
information from the context" in
http://cocoon.apache.org/2.1/developing/webapps/authentication/user_management.html
Hope this helps,
Andrew.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
