Security with User in Role

From Resin 3.0

Revision as of 19:17, 8 September 2010 by Ferg (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


When used

When you want to restrict access to a section of the web site by users with a particular role, use the security <resin:Allow> with the <resin:IfUserInRole> tags, in combination with an authenticator.

The <resin:Allow> defines a restricted area with a set of url-pattern tags. (You can use more than one.) The child tags in the <resin:Allow> describe the particular restrictions.

The <resin:IfUserInRole> restriction checks for a logged-in user with a particular role.

WEB-INF/resin-web.xml for user in "quidditch" role

 <web-app xmlns="http://caucho.com/ns/resin"
          xmlns:resin="urn:java:com.caucho.resin">
 
   <resin:XmlAuthenticator>
     <user name="harry" password="/sj/53ylCloRemi3YQIVCQ==" role="quidditch"/>
   </resin:XmlAuthenticator>

   <resin:Allow url-pattern="/quidditch/*">
      <resin:IfUserInRole role="quidditch"/>
   </resin:Allow>

 </web-app>

The above example uses the XmlAuthenticator to define the users and their roles. In the example, "harry" is the only user and he has the "quidditch" role because Harry is on the quidditch team.

The website has a restricted section /quidditch which is only accessible to team members. The <resin:Allow> defines the restricted site, and the <resin:IfUserInRole> restricts access to the quidditch team.

Personal tools