[Yanel-dev] Login

Michael Wechner michael.wechner at wyona.com
Sat Sep 18 22:04:32 CEST 2010


Balz Schreier wrote:
> Hi Michael,
>
> I probably went too fast over that page, I thought it only allows a 
> logical grouping of policies with inheritance according to the 
> hierarchical structure within the policies directory... but now I have 
> seen that you can reflect the structure of a URI... it works!


good to hear
>
> I have now /de/login in the URL and
> <policyrepository>/de/login.policy:
>   <usecase id="view">
>     <world permission="false"/>
>   </usecase>
>
> Now the login screen appears.
> Next step is to redirect.
> I have seen that Yanel provides a redirect resource...

yes :-)

Cheers

Michael
>
> Cheers
> Balz
>
>
> On Sat, Sep 18, 2010 at 12:42 AM, Michael Wechner 
> <michael.wechner at wyona.com <mailto:michael.wechner at wyona.com>> wrote:
>
>     Balz Schreier wrote:
>
>         Hi,
>
>         I am quite new to Yanel and one thing I'm still not sure at is
>         the Login mechanism.:
>
>         - Assume that a lot of content is public (no login required).
>         - Certain areas require the user to login (either by clicking
>         on a LOGIN link or by accessing a protected resource, similar
>         to URLs containing "yanel.toolbar=on")
>
>         1) What possibilities are "best practices" within yanel to do
>         a Login?
>         2) Do I need to implement something like
>         YanelServlet.doAccessControl() for my own resources?
>         3) Shall I trigger the login screen by passing a URL parameter
>         like "?myrealm.usecase=login" and if that is available the
>         login process is triggered?
>         4) The Servlet Spec provides a mechanism to configure
>         protected resources in the web.xml. Is there something similar
>         in Yanel where one can configure URIs that should trigger the
>         login mechanism?
>
>         Thanks for providing some hints, I guess I'll have to go for 2).
>
>
>     no, only if you want to protect parts of a page, but not if it is
>     just about protecting the page itself
>
>     I am happy to explain, but want to make sure you have had a look at
>
>     http://127.0.0.1:8080/yanel/yanel-website/en/documentation/security/access-policies.html
>
>     ?
>
>     Please let me know if this documentation is unclear and if so
>     which parts in particular, such
>     that we can improve it.
>
>     Btw, also have a look at the from scratch realm and "play" with
>     it, by changing policies
>
>     src/realms/from-scratch-realm-template/ac-policies/
>     http://127.0.0.1:8080/yanel/from-scratch-realm/en/index.html
>
>     HTH
>
>     Michael
>
>
>         Logout on the other hand is easy, adding "yanel.logout=true"
>         to any URL.
>
>         Thanks
>         Cheers
>         Balz
>
>
>     -- 
>     Yanel-development mailing list Yanel-development at wyona.com
>     <mailto:Yanel-development at wyona.com>
>     http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
>
>



More information about the Yanel-development mailing list