Authentication Framework: User Administration

Using the framework, it is possible to add new roles to the system and to add new users. For this purpose, there are several optional entries for the authentication handler which provide the needed functionality:

<authentication-manager>
  <handlers>
    <handler name="unique">
      ...redirect-to/authentication configuration...

      <!-- Optional resource for loading user information -->
      <load-users uri="cocoon:raw://financeresource-sunrise-loaduser"/>

      <!-- Optional resource for loading roles information -->
      <load-roles uri="cocoon:raw://financeresource-sunrise-roles"/>

      <!-- Optional resource for creating a new user -->
      <new-user uri="cocoon:raw://financeresource-sunrise-newuser"/>

      <!-- Optional resource for creating a new role -->
      <new-role uri="cocoon:raw://financeresource-sunrise-newrole"/>

      <!-- Optional resource for changing user information -->
      <change-user uri="cocoon:raw://financeresource-sunrise-newuser"/>

      <!-- Optional resource for deleting a role -->
      <delete-role uri="cocoon:raw://financeresource-sunrise-delrole"/>

      <!-- Optional resource for deleting a user -->
      <delete-user uri="cocoon:raw://financeresource-sunrise-deluser"/>
    </handler>
  </handlers>
</authentication-manager>

The entries are described in the following sections. All tags can have additional parameter definitions which are passed to the given resource, e.g.:

<!-- Optional resource for deleting a user-->
<delete-user uri="cocoon:raw://financeresource-sunrise-deluser">
  <connection>database</connection>
  <url>db:usertable</url>
</delete-user>

Getting Roles

The load-roles resource is invoked by the framework whenever it needs information about the available roles. This resource gets the parameter "type" with the value "roles" and should deliver an XML document with the root node "roles" containing, for each role, a sub-element "role" whose text child is the rolename:

<roles>
  <role>admin</role>
  <role>guest</role>
  <role>user</role>
</roles>

Getting Users

The load-users resource is called whenever information about the available users is needed. There are three different uses of this resource:

  • Loading all users: The parameter "type" with the value "users" is passed to the resource. It should then deliver all users in the system.
  • Loading all users of one role: The resource gets the parameters "type" with the value "users" and "role" with the rolename.
  • Loading information of one user: The resource gets the parameters "type" with the value "user", "role" with the rolename and "ID" with the authentication ID of the user.

The XML format of the resource should look like the following:

<users>
  <user>
    <ID>authentication ID</ID>
    <role>rolename</role>
    <data>
       ... application specific data ...
    </data>
  </user>
  <user>
    ...
  </user>
    ...
</users>
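
An added example, not part of the Cocoon documentation or code: a Python check that a load-users response matches the format above and stays within the scope of the request parameters. The function name, the sample data and the at-most-one-result rule for a single-user lookup are assumptions of this example.

```python
import xml.etree.ElementTree as ET

def check_load_users(params, xml_text):
    """Return a list of problems in a load-users response for the given request parameters."""
    kind = params.get("type")
    if kind not in ("users", "user"):
        return [f'unsupported "type" value: {kind!r}']
    if kind == "user" and not (params.get("role") and params.get("ID")):
        return ['type "user" needs both "role" and "ID"']
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"response is not well-formed XML: {exc}"]
    if root.tag != "users":
        return [f"root element is <{root.tag}>, expected <users>"]

    problems = []
    users = root.findall("user")
    for n, user in enumerate(users, 1):
        uid = (user.findtext("ID") or "").strip()
        role = (user.findtext("role") or "").strip()
        if not uid or not role:
            problems.append(f"user {n}: missing <ID> or <role>")
        # A role-scoped request must not return users of any other role.
        if "role" in params and role != params["role"]:
            problems.append(f"user {n}: role {role!r} is outside requested role {params['role']!r}")
        if kind == "user" and uid != params["ID"]:
            problems.append(f"user {n}: ID {uid!r} does not match requested ID {params['ID']!r}")
    # Assumption of this example: a single-user lookup returns at most one <user>.
    if kind == "user" and len(users) > 1:
        problems.append(f"single-user request returned {len(users)} <user> elements")
    return problems

# Constructed sample response, not taken from a real system.
SAMPLE = """<users>
  <user><ID>alice</ID><role>admin</role><data/></user>
  <user><ID>bob</ID><role>guest</role><data/></user>
</users>"""

if __name__ == "__main__":
    for request in ({"type": "users"},
                    {"type": "users", "role": "admin"},
                    {"type": "user", "role": "admin", "ID": "alice"}):
        print(request, "->", check_load_users(request, SAMPLE) or "ok")
```

Running the check against each of the three request forms shows whether a resource ignores the "role" or "ID" parameter and returns more users than were asked for.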

Creating a new role

The new-role resource creates a new role in the system. It gets the parameters "type" with the value "role" and "role" with the new rolename.

Creating a new user

The new-user resource creates a new user with a role. It gets the parameters "type" with the value "user", "role" with the rolename and "ID" with the new ID for this user.

Changing information of a user

The change-user resource changes the user information. The parameters "type" with the value "user", "role" with the rolename and "ID" with the ID of the user are passed to it. In addition, all application-specific information for this user is passed as parameters.

Delete a user

The delete-user resource is called to delete a user. The parameters "type" with the value "user", "role" with the rolename and "ID" with the ID of the user are passed to it.

Delete a role

The delete-role resource deletes a role. The parameters "type" with the value "role" and "role" with the rolename are passed to it.