cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Messing, Elad" <>
Subject AW: Authorization (not Authentication) in Cocoon Auth. framework
Date Thu, 07 Apr 2005 08:36:24 GMT
Hello there
	This sounds like what I am looking for - quite simple check without to much changes.
	I would appreciate a code sample..



-----Ursprüngliche Nachricht-----
Von: Grzegorz Sikora [] 
Gesendet: Mittwoch, 6. April 2005 23:31
An: Messing, Elad
Betreff: Re: Authorization (not Authentication) in Cocoon Auth. framework

Hello Elad,

Wednesday, April 6, 2005, 2:20:12 PM, you wrote:

ME> Context etc. This is good, but I also need to check if the user - 
ME> now that I know it has been authenticated - has the authorization of 
ME> accessing the specific resource.

ME>         I was looking for an "Authorizator" interface, or something 
ME> similar, to allow me a hook where I can introduce the code that will 
ME> use the user's Role, with my database of permissions. I cannot seem 
ME> to find it..

AFAIK despite what doc says: "One central point in building a web application is authentication
and authorization. The Cocoon authentication framework is a flexible module for authentication,
authorization and user management."
- Cocoon dont have any resource authorization support. I've created for own usage slighty
modificated auth-protect action which is role sensitive. It looks like ordinary auth-protect
action but requires role list which can access body of action (stuff between <map:act></map:act>).
If role doesnt match user is redirected to page with info 'insufficient privileges'.

It's really simple, just look at source code of this action to get idea how to modify it.
Anyway I can send you pice of code...
Best regards,
 Grzegorz Sikora

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message