Security with User in Role
From Resin 3.0
Latest revision as of 17:36, 21 October 2011
When used
When you want to restrict access to a section of the web site to users with a particular role, use the <resin:Allow> security tag together with the <resin:IfUserInRole> tag, in combination with an authenticator.
The <resin:Allow> defines a restricted area with a set of url-pattern tags. (You can use more than one.) The child tags in the <resin:Allow> describe the particular restrictions.
The <resin:IfUserInRole> restriction checks for a logged-in user with a particular role.
WEB-INF/resin-web.xml for user in "quidditch" role
<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">

  <resin:XmlAuthenticator>
    <user name="harry" password="/sj/53ylCloRemi3YQIVCQ==" role="quidditch"/>
  </resin:XmlAuthenticator>

  <resin:Allow>
    <url-pattern>/quidditch/*</url-pattern>
    <url-pattern>/athletics/*</url-pattern>

    <resin:IfUserInRole role="quidditch"/>
  </resin:Allow>

</web-app>
The above example uses the XmlAuthenticator to define the users and their roles. In the example, "harry" is the only user and he has the "quidditch" role because Harry is on the quidditch team.
The website has a restricted section /quidditch which is only accessible to team members; the example lists /athletics under the same restriction. The <resin:Allow> defines the restricted area, and the <resin:IfUserInRole> restricts access to the quidditch team.
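To review a configuration like this before deploying it, the following added example (not Resin code and not part of the original page) parses the resin-web.xml above and reports which paths the rule covers and whether a given user would pass it. It assumes servlet-style url-pattern matching and that every <resin:IfUserInRole> child of a covering rule must pass; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

WEB = "{http://caucho.com/ns/resin}"   # default namespace: user, url-pattern
TAG = "{urn:java:com.caucho.resin}"    # resin: prefix: Allow, IfUserInRole

# The page's resin-web.xml, embedded so the script runs offline.
SAMPLE = """<web-app xmlns="http://caucho.com/ns/resin"
         xmlns:resin="urn:java:com.caucho.resin">
  <resin:XmlAuthenticator>
    <user name="harry" password="/sj/53ylCloRemi3YQIVCQ==" role="quidditch"/>
  </resin:XmlAuthenticator>
  <resin:Allow>
    <url-pattern>/quidditch/*</url-pattern>
    <url-pattern>/athletics/*</url-pattern>
    <resin:IfUserInRole role="quidditch"/>
  </resin:Allow>
</web-app>"""

def load(xml_text):
    """Return ({user: role}, [(patterns, required_roles), ...])."""
    root = ET.fromstring(xml_text)
    users = {u.get("name"): u.get("role") for u in root.iter(WEB + "user")}
    rules = []
    for allow in root.iter(TAG + "Allow"):
        patterns = [p.text.strip() for p in allow.findall(WEB + "url-pattern")]
        roles = {r.get("role") for r in allow.findall(TAG + "IfUserInRole")}
        rules.append((patterns, roles))
    return users, rules

def matches(pattern, path):
    # Assumption: servlet-style matching; "/dir/*" covers "/dir" and below.
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern

def decide(users, rules, path, user=None):
    """'open' if no rule covers path, else 'allow' or 'deny' for this user."""
    covering = [roles for pats, roles in rules
                if any(matches(p, path) for p in pats)]
    if not covering:
        return "open"
    # Assumption: every IfUserInRole child of a covering rule must pass.
    held = {users[user]} if user in users else set()
    return "allow" if all(roles <= held for roles in covering) else "deny"

def unsatisfiable_roles(users, rules):
    """Roles a rule requires that no defined user holds (typo or stale rule)."""
    required = set().union(*(roles for _, roles in rules))
    return required - set(users.values())
```

A path that returns "open" is not covered by any <resin:Allow> block in the file, which is the case to look for when a section was meant to be restricted.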