cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Ratcliffe <>
Subject Re: Authorization (not Authentication) in Cocoon Auth. framework
Date Wed, 06 Apr 2005 20:33:22 GMT
Hi Elad

I've integrated the Sun XACML library into a cocoon project recently 
for handling authorization. It provides policy-based access
for resources, where policy rules are evaluated using subject, 
resource, and environment attributes.  Let me know if you'd like
further information.


On 7 Apr, 2005, at 12:20 AM, Messing, Elad wrote:

> Hello All
>          I am looking for the best way to handle authorization in my 
> application.
>         Authentication is handled nicely by the Auth. Framework, but I 
> cannot seem to find the hook for the authorization..
>         What I mean is, once a user is requesting for a resource, the 
> Auth.
>  Framework is checking if the user authenticated - I.E. already passed 
> through the login procedure, and now has a session with the auth.
> Context etc. This is good, but I also need to check if the user - now 
> that I know it has been authenticated - has the authorization of 
> accessing the specific resource.
>         I was looking for an "Authorizator" interface, or something 
> similar, to allow me a hook where I can introduce the code that will 
> use the user's Role, with my database of permissions. I cannot seem to 
> find it..
>         What would you suggest ?
>         Thank you !
> Elad Messing

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message