Security with User in Role

From Resin 3.0

(Difference between revisions)
(New page: Category: Cookbook, Security == When used == When you want to restrict access to a section of the web site by users with a particular role, use the security <resin:Allow> with the <r...)
 
Line 1: Line 1:
[[Category: Cookbook, Security]]
+
[[Category: Cookbook]]
 +
[[Category: Security]]
  
 
== When used ==
 
== When used ==
Line 20: Line 21:
 
     </resin:XmlAuthenticator>
 
     </resin:XmlAuthenticator>
 
   
 
   
     <resin:Allow url-pattern="/quidditch/*">
+
     <resin:Allow>
 +
      <url-pattern>/quidditch/*</url-pattern>
 +
      <url-pattern>/athletics/*</url-pattern>
 +
 
       <resin:IfUserInRole role="quidditch"/>
 
       <resin:IfUserInRole role="quidditch"/>
 
     </resin:Allow>
 
     </resin:Allow>
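Review bot: the added `<url-pattern>/athletics/*</url-pattern>` line puts a second area behind the unchanged `<resin:IfUserInRole role="quidditch"/>` check, but the explanatory text of this revision still describes only the /quidditch section. Either drop the /athletics/* pattern from the example or update the prose to say that both areas require the quidditch role, so readers do not copy a broader restriction than the text explains.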

Revision as of 19:18, 8 September 2010


When used

When you want to restrict access to a section of the web site to users with a particular role, use the <resin:Allow> security tag with the <resin:IfUserInRole> tag, in combination with an authenticator.

The <resin:Allow> defines a restricted area with a set of url-pattern tags. (You can use more than one.) The child tags in the <resin:Allow> describe the particular restrictions.

The <resin:IfUserInRole> restriction checks for a logged-in user with a particular role.

WEB-INF/resin-web.xml for user in "quidditch" role

 <web-app xmlns="http://caucho.com/ns/resin"
          xmlns:resin="urn:java:com.caucho.resin">
 
   <resin:XmlAuthenticator>
     <user name="harry" password="/sj/53ylCloRemi3YQIVCQ==" role="quidditch"/>
   </resin:XmlAuthenticator>

   <resin:Allow>
      <url-pattern>/quidditch/*</url-pattern>
      <url-pattern>/athletics/*</url-pattern>

      <resin:IfUserInRole role="quidditch"/>
   </resin:Allow>

 </web-app>

The above example uses the XmlAuthenticator to define the users and their roles. In the example, "harry" is the only user and he has the "quidditch" role because Harry is on the quidditch team.

The website has a restricted section, /quidditch, which is accessible only to team members. The <resin:Allow> defines the restricted area, and the <resin:IfUserInRole> restricts access to the quidditch team.
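An offline audit of the configuration above, added here as an example (it is not Resin code or part of the original page): it parses the resin-web.xml, evaluates which requests the <resin:Allow> rule would let through, and reports required roles that no configured user holds. The helper names are hypothetical, and the servlet-style prefix matching, comma-separated roles and AND-ing of multiple <resin:IfUserInRole> children are assumptions.

```python
import xml.etree.ElementTree as ET
NS = {"w": "http://caucho.com/ns/resin", "r": "urn:java:com.caucho.resin"}
# The page's resin-web.xml, embedded so the check runs offline.
RESIN_WEB_XML = """\
<web-app xmlns="http://caucho.com/ns/resin" xmlns:resin="urn:java:com.caucho.resin">
  <resin:XmlAuthenticator>
    <user name="harry" password="/sj/53ylCloRemi3YQIVCQ==" role="quidditch"/>
  </resin:XmlAuthenticator>
  <resin:Allow>
    <url-pattern>/quidditch/*</url-pattern>
    <url-pattern>/athletics/*</url-pattern>
    <resin:IfUserInRole role="quidditch"/>
  </resin:Allow>
</web-app>
"""

def load(xml_text):
    """Return ({user: roles}, [(url_patterns, required_roles)]).
    Assumption: a user's role attribute may list several roles, comma-separated."""
    root = ET.fromstring(xml_text)
    users = {}
    for u in root.findall("r:XmlAuthenticator/w:user", NS):
        users[u.get("name")] = {r.strip() for r in u.get("role", "").split(",") if r.strip()}
    rules = []
    for allow in root.findall("r:Allow", NS):
        patterns = [p.text.strip() for p in allow.findall("w:url-pattern", NS)]
        patterns += filter(None, [allow.get("url-pattern")])  # older attribute form
        required = {c.get("role") for c in allow.findall("r:IfUserInRole", NS)}
        rules.append((patterns, required))
    return users, rules

def matches(pattern, path):
    """Assumed servlet-style match: '/x/*' covers '/x' and '/x/...', not '/xy'."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return path == pattern

def allowed(users, rules, user, path):
    """True if user (None = not logged in) may request path.
    Assumption: every IfUserInRole child of a matching Allow must hold."""
    roles = users.get(user, set())
    for patterns, required in rules:
        if any(matches(p, path) for p in patterns) and not required <= roles:
            return False
    return True

def unassigned_roles(users, rules):
    """Roles an Allow requires that no configured user holds (typo or lockout)."""
    return {r for _, req in rules for r in req} - set().union(*users.values())
```

A non-empty result from `unassigned_roles` usually means a misspelled role name, which would lock every user out of the restricted area.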
