Authentication Framework: User Administration
Using the framework, it is possible to add new roles to the system and to add new users. For this purpose, there are several optional entries for the authentication handler which provide the needed functionality:
<authentication-manager>
  <handlers>
    <handler name="unique">
      ...redirect-to/authentication configuration...
      <!-- Optional resource for loading user information -->
      <load-users uri="cocoon:raw://financeresource-sunrise-loaduser"/>
      <!-- Optional resource for loading roles information -->
      <load-roles uri="cocoon:raw://financeresource-sunrise-roles"/>
      <!-- Optional resource for creating a new user -->
      <new-user uri="cocoon:raw://financeresource-sunrise-newuser"/>
      <!-- Optional resource for creating a new role -->
      <new-role uri="cocoon:raw://financeresource-sunrise-newrole"/>
      <!-- Optional resource for changing user information -->
      <change-user uri="cocoon:raw://financeresource-sunrise-newuser"/>
      <!-- Optional resource for deleting a role -->
      <delete-role uri="cocoon:raw://financeresource-sunrise-delrole"/>
      <!-- Optional resource for deleting a user -->
      <delete-user uri="cocoon:raw://financeresource-sunrise-deluser"/>
    </handler>
  </handlers>
</authentication-manager>
The entries are described in the following subchapters. All tags can have additional parameter definitions which are passed to the given resource, e.g.:
<!-- Optional resource for deleting a user -->
<delete-user uri="cocoon:raw://financeresource-sunrise-deluser">
  <connection>database</connection>
  <url>db:usertable</url>
</delete-user>
Getting Roles
The load-roles resource is invoked by the framework whenever it needs information about the available roles. This resource gets the parameter "type" with the value "roles" and should deliver an XML document with the root node "roles" and, for each role, a sub-element "role" whose text child is the rolename:
<roles>
  <role>admin</role>
  <role>guest</role>
  <role>user</role>
</roles>
Getting Users
The load-users resource is called whenever information about the available users is needed. There are three different uses of this resource:
- Loading all users: The parameter "type" with the value "users" is passed to the resource. It should then deliver all users in the system.
- Loading all users of one role: The resource gets the parameters "type" with the value "users" and "role" with the rolename.
- Loading information of one user: The resource gets the parameters "type" with the value "user", "role" with the rolename and "ID" with the authentication ID of the user.
The XML format of the resource should look like the following:
<users>
  <user>
    <ID>authentication ID</ID>
    <role>rolename</role>
    <data>
      ... application specific data ...
    </data>
  </user>
  <user>
    ...
  </user>
  ...
</users>
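The three request forms and the response format above, modelled in Python as an added example (this is not Cocoon code and not part of the original documentation). The function name load_users, the in-memory sample store and the rejection of unlisted parameter combinations are assumptions; the document is built with an XML library so that IDs and data values containing markup characters are escaped instead of being concatenated into the output.

```python
import xml.etree.ElementTree as ET

# Constructed sample store: (ID, role, application-specific data)
SAMPLE_USERS = [
    ("alice", "admin", {"email": "alice@example.org"}),
    ("bob", "user", {"email": "bob@example.org"}),
    ("carol <c&c>", "user", {"email": "carol@example.org"}),
]
SAMPLE_ROLES = {"admin", "guest", "user"}


def load_users(params, users=SAMPLE_USERS, roles=SAMPLE_ROLES):
    """Return the <users> document for one load-users request.

    params holds the parameters passed to the resource:
    "type", and optionally "role" and "ID".
    """
    kind = params.get("type")
    role = params.get("role")
    user_id = params.get("ID")

    if kind == "users" and user_id is None:
        # All users, or all users of one role when "role" is present.
        wanted = lambda uid, urole: role is None or urole == role
    elif kind == "user" and role is not None and user_id is not None:
        # Exactly one user, identified by role and authentication ID.
        wanted = lambda uid, urole: urole == role and uid == user_id
    else:
        # Assumption: combinations the page does not list are rejected.
        raise ValueError("unsupported parameter combination")
    if role is not None and role not in roles:
        raise ValueError("unknown role")

    root = ET.Element("users")
    for uid, urole, data in users:
        if not wanted(uid, urole):
            continue
        user = ET.SubElement(root, "user")
        # .text is escaped on serialization, so "<" and "&" stay data.
        ET.SubElement(user, "ID").text = uid
        ET.SubElement(user, "role").text = urole
        data_el = ET.SubElement(user, "data")
        for key, value in data.items():
            ET.SubElement(data_el, key).text = value
    return ET.tostring(root, encoding="unicode")
```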
Creating a new role
The new-role resource creates a new role in the system. It gets the parameters "type" with the value "role" and "role" with the new rolename.
Creating a new user
The new-user resource creates a new user with a role. It gets the parameters "type" with the value "user", "role" with the rolename and "ID" with the new ID for this user.
Changing information of a user
The change-user resource changes the user information. The parameters "type" with the value "user", "role" with the rolename and "ID" with the ID of the user are passed to it. In addition, all application-specific information for this user is passed as parameters.
Delete a user
The delete-user resource is called to delete a user. The parameters "type" with the value "user", "role" with the rolename and "ID" with the ID of the user are passed to it.
Delete a role
The delete-role resource deletes a role. The parameters "type" with the value "role" and "role" with the rolename are passed to it.