Question: auth-fw, roles, authorisation file format

[Andrei Lunjov <an...@alpitek.com>]

Hello,

I tried to find details in docs and samples, but seems I am quite stupid 
:) Possibly I missed something improtant? I am currently developing 
kind of skeleton and guidelines for quite large application to be used 
for long time - so I want to make things as standard as possible.

Questions are about roles and authorisation/access delimeting.
I understood well (ok, I hope :) ) how authentication works. But what is 
  with authorisation?

Suppose I have some number of roles in authentication xml produced by 
authentication resource like described here 
http://cocoon.apache.org/2.1/developing/webapps/authentication.html
Is there any standart mechanism to allow access for particular resources 
/ sitemap parts depending upon roles user has? Something like RoleMatcher?

Another question is about authentication xml format - same doc says 
quite foggy about multiple roles.
would this be correct? :

<authentication>
     <ID>Unique ID of the user in the system</ID>
	<roles>
     		<role>rolename1</role>
     		<role>rolename2</role>
	</roles>
     <data>
         Any additional optional information can be supplied here.
         This will be stored in the session for later retrieval
     </data>
</authentication>



Any info appreciated.


Andrei Lunyov



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org