You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by mirko <rm...@poczta.of.pl> on 2004/05/27 12:17:03 UTC
Authentication: access role info in sitemap
Hi,
How can I access role information in the sitemap? I want to protect some
pipelines to be only accessed by special users. I think I'll write an
action that will put role to the parameters but maybe there is already
written and better solution.
(The best would be for me that the component will put role info for the
authenticated or put "guest" for the unauthenticated users)
BTW How can I get user's authorization info in flow? I'd like to get the
user ID in the flow script.
Regards,
Mirko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication: access role info in sitemap
Posted by mirko <rm...@poczta.of.pl>.
Guido Casper wrote:
>
> var contextMan =
> cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
>
> var authContext = contextMan.getContext("authentication");
> var userfrag = authContext.getXML("/authentication/ID");
> var rolefrag = authContext.getXML("/authentication/data/role");
> user.username =
> Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(userfrag);
> user.role =
> Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(rolefrag);
Thank you very much for it.
> If you have multiple roles adjust accordingly and better put it within a
> Java component.
Yes, and that's the reason I wanted to write my auth action.
> There is also already an input module to pass this info from the sitemap
> via:
> <map:parameter name="username"
> value="{session-context:authentication/authentication/ID}"/>
Thanks. This I found in the documentation but I don't like such stuff in
sitemap. It's to much detailed, I like the sitemap clear.
I'm thinking of auth action similiar to the existing one but that
additionallty have:
<map:parameter name="role" value="admin,editor">
and besides of checking if the user is authenticated it'll check if he
is in specified role(s).
I've written this but encoutered problems with lost context.
> Please note that the authentication context is only available from
> within protected sections.
O! Maybe this is the problem I'll check this. But does it mean that
every map:match must be in auth-protect? What about the internal
pipelines, resources, aggregations that are used from "first level"
pipelines? Do they also have to to be protected?
Regards,
mirko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication: access role info in sitemap
Posted by Guido Casper <gc...@s-und-n.de>.
mirko wrote:
> mirko wrote:
>
>> Hi,
>> How can I access role information in the sitemap? I want to protect
>> some pipelines to be only accessed by special users. I think I'll
>> write an action that will put role to the parameters but maybe there
>> is already written and better solution.
>> (The best would be for me that the component will put role info for
>> the authenticated or put "guest" for the unauthenticated users)
>>
>> BTW How can I get user's authorization info in flow? I'd like to get
>> the user ID in the flow script.
>
>
> I started to write my own AuthAction that will put the role info to
> sitemap but noticed that the session context is lost after
> authorization, are there any issues? I'm going to be a little bit
> frustraited because of bugs, lacks of documentation with Cocoon.
var contextMan =
cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
var authContext = contextMan.getContext("authentication");
var userfrag = authContext.getXML("/authentication/ID");
var rolefrag = authContext.getXML("/authentication/data/role");
user.username =
Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(userfrag);
user.role =
Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(rolefrag);
If you have multiple roles adjust accordingly and better put it within a
Java component.
There is also already an input module to pass this info from the sitemap
via:
<map:parameter name="username"
value="{session-context:authentication/authentication/ID}"/>
Please note that the authentication context is only available from
within protected sections.
HTH
Guido
--
Guido Casper
-------------------------------------------------
S&N AG, Competence Center Open Source
Tel.: +49-5251-1581-87
Klingenderstr. 5 mailto:gcasper@s-und-n.de
D-33100 Paderborn http://www.s-und-n.de
-------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication: access role info in sitemap
Posted by mirko <rm...@poczta.of.pl>.
mirko wrote:
> Hi,
> How can I access role information in the sitemap? I want to protect some
> pipelines to be only accessed by special users. I think I'll write an
> action that will put role to the parameters but maybe there is already
> written and better solution.
> (The best would be for me that the component will put role info for the
> authenticated or put "guest" for the unauthenticated users)
>
> BTW How can I get user's authorization info in flow? I'd like to get the
> user ID in the flow script.
I started to write my own AuthAction that will put the role info to
sitemap but noticed that the session context is lost after
authorization, are there any issues? I'm going to be a little bit
frustraited because of bugs, lacks of documentation with Cocoon.
Regards,
mirko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org