More than one role to access an element ?

>
> Hi,
>
> My CredentialsManager works perfect evrything looked good but now I am
> stuck again. I have an Element that can be used from admins and  
> users. I
> defined this with:
>
>        <element id="AuthClient" extends="rife/authenticated/
> memory.xml">
>            <property name="password_encryption">SHA</property>
>            <property name="role">Client</property>
>            <property name="role">Admin</property>
>            <property name="authvar_type">cookie</property>
>            <property name="template_name">authentication.admin</
> property>
>            <property
> name
> =
> "credentialsmanagerfactory_class
> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>            <submission name="credentials">
>                <param name="login"/>
>                <param name="password"/>
>            </submission>
>
>            <childtrigger name="authid"/>
>        </element>
>
> and
>
>            <element id="CustomerChangePw"
>
> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>                     url="/customerchangepw" inherits="AuthClient">
>                <inbean name="customer" prefix="pre_"
>
> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>                <autolink srcexit="CustomerList"/>
>            </element>
>
> Everything works fine when I login with accounts that have the admin
> rolle assigned to. When I try to login as normal user I always get an
> invalid credentials error.
>
> When debugging my CredentialsManager I checked the credentials I get  
> as
> parameter in the verifyCredentials method the credentials with  
> password
> and username as expected but the role is always set to Admin. When I
> remove the Admin role form the AuthClient element the role is always  
> set
> to Client. Shouldn' t the credentials given containing all the roles
> allowed for the element ?
>
> Where is my fault ?

> Hi Matthias,
>
> properties are key-value pairs, so if you set it multiple times, the  
> last one will replace the earlier one. However, I'm surprised that I  
> never ran into this multiple role problem before. Now that I think of  
> it, I always had clearly defined sections of the sites I developed  
> where when authentication was used, there was always one role that  
> corresponded. When several roles applied, I always had information to  
> show to everyone, and I used the user identification facility (http://rifers.org/wiki/display/RIFE/User+identification+facility 
> ).
>
> Now, you should be able to quite easily support multiple roles for  
> authentication elements since you already have a custom  
> CredentialsManager. You could for instance separate different roles  
> with commas and then adapt your verifyCredentials(Credentials) method  
> to properly handle the separation of the roles.
>
> I'd like to support this by default in RIFE though since it seems like  
> a shameful oversight. Have to think about how to best do this in a  
> backwards compatible way (you never know if someone uses commas in his  
> role names!).
>
> Hope this helps,
>
> Geert
>
>
> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>
>  
>> Hi,
>>
>> My CredentialsManager works perfect evrything looked good but now I am
>> stuck again. I have an Element that can be used from admins and  
>> users. I
>> defined this with:
>>
>>        <element id="AuthClient" extends="rife/authenticated/
>> memory.xml">
>>            <property name="password_encryption">SHA</property>
>>            <property name="role">Client</property>
>>            <property name="role">Admin</property>
>>            <property name="authvar_type">cookie</property>
>>            <property name="template_name">authentication.admin</
>> property>
>>            <property
>> name
>> =
>> "credentialsmanagerfactory_class
>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>            <submission name="credentials">
>>                <param name="login"/>
>>                <param name="password"/>
>>            </submission>
>>
>>            <childtrigger name="authid"/>
>>        </element>
>>
>> and
>>
>>            <element id="CustomerChangePw"
>>
>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>                     url="/customerchangepw" inherits="AuthClient">
>>                <inbean name="customer" prefix="pre_"
>>
>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>                <autolink srcexit="CustomerList"/>
>>            </element>
>>
>> Everything works fine when I login with accounts that have the admin
>> rolle assigned to. When I try to login as normal user I always get an
>> invalid credentials error.
>>
>> When debugging my CredentialsManager I checked the credentials I get  
>> as
>> parameter in the verifyCredentials method the credentials with  
>> password
>> and username as expected but the role is always set to Admin. When I
>> remove the Admin role form the AuthClient element the role is always  
>> set
>> to Client. Shouldn' t the credentials given containing all the roles
>> allowed for the element ?
>>
>> Where is my fault ?
>>    
>
> --
> Geert Bevin
> Terracotta - http://www.terracotta.org
> Uwyn "Use what you need" - http://uwyn.com
> RIFE Java application framework - http://rifers.org
> Music and words - http://gbevin.com
>
>
> >
>  

>
> Hi Geert,
>
> actually I have already implemented the comma separated roles ;).  
> But I
> thought I have missed something in the docs as usual.
>
> I think it is OK to say that roles should not contain a comma. The
> easiest solution would be to add a property named roles where a comma
> separated list of roles can be entered. This should solve 98% of the  
> needs.
>
> I don't like separators too and the cleanest way I think is  
> something like:
>
>        <element id="AuthClient" extends="rife/authenticated/
> memory.xml">
>            <property name="password_encryption">SHA</property>
>             <roles>
>                   <role name="Admin"/>
>                   <role name="Client"/>
>             </roles>
>            <property name="authvar_type">cookie</property>
>            <property name="template_name">authentication.admin</
> property>
>            <submission name="credentials">
>                <param name="login"/>
>                <param name="password"/>
>            </submission>
>
>            <childtrigger name="authid"/>
>        </element>
>
> But is it really a restriction to disallow role names with commas ?
>
> Ciao
>    Matthias
>
>
> Geert Bevin schrieb:
>> Hi Matthias,
>>
>> properties are key-value pairs, so if you set it multiple times, the
>> last one will replace the earlier one. However, I'm surprised that I
>> never ran into this multiple role problem before. Now that I think of
>> it, I always had clearly defined sections of the sites I developed
>> where when authentication was used, there was always one role that
>> corresponded. When several roles applied, I always had information to
>> show to everyone, and I used the user identification facility (http://rifers.org/wiki/display/RIFE/User+identification+facility
>> ).
>>
>> Now, you should be able to quite easily support multiple roles for
>> authentication elements since you already have a custom
>> CredentialsManager. You could for instance separate different roles
>> with commas and then adapt your verifyCredentials(Credentials) method
>> to properly handle the separation of the roles.
>>
>> I'd like to support this by default in RIFE though since it seems  
>> like
>> a shameful oversight. Have to think about how to best do this in a
>> backwards compatible way (you never know if someone uses commas in  
>> his
>> role names!).
>>
>> Hope this helps,
>>
>> Geert
>>
>>
>> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>>
>>
>>> Hi,
>>>
>>> My CredentialsManager works perfect evrything looked good but now  
>>> I am
>>> stuck again. I have an Element that can be used from admins and
>>> users. I
>>> defined this with:
>>>
>>>       <element id="AuthClient" extends="rife/authenticated/
>>> memory.xml">
>>>           <property name="password_encryption">SHA</property>
>>>           <property name="role">Client</property>
>>>           <property name="role">Admin</property>
>>>           <property name="authvar_type">cookie</property>
>>>           <property name="template_name">authentication.admin</
>>> property>
>>>           <property
>>> name
>>> =
>>> "credentialsmanagerfactory_class
>>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>>           <submission name="credentials">
>>>               <param name="login"/>
>>>               <param name="password"/>
>>>           </submission>
>>>
>>>           <childtrigger name="authid"/>
>>>       </element>
>>>
>>> and
>>>
>>>           <element id="CustomerChangePw"
>>>
>>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>>                    url="/customerchangepw" inherits="AuthClient">
>>>               <inbean name="customer" prefix="pre_"
>>>
>>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>>               <autolink srcexit="CustomerList"/>
>>>           </element>
>>>
>>> Everything works fine when I login with accounts that have the admin
>>> rolle assigned to. When I try to login as normal user I always get  
>>> an
>>> invalid credentials error.
>>>
>>> When debugging my CredentialsManager I checked the credentials I get
>>> as
>>> parameter in the verifyCredentials method the credentials with
>>> password
>>> and username as expected but the role is always set to Admin. When I
>>> remove the Admin role form the AuthClient element the role is always
>>> set
>>> to Client. Shouldn' t the credentials given containing all the roles
>>> allowed for the element ?
>>>
>>> Where is my fault ?
>>>
>>
>> --
>> Geert Bevin
>> Terracotta - http://www.terracotta.org
>> Uwyn "Use what you need" - http://uwyn.com
>> RIFE Java application framework - http://rifers.org
>> Music and words - http://gbevin.com
>>
>>
>>>
>>
>
> >

> Hi Matthias,
>
> I was thinking along the same lines, but instead with something  
> generic, like:
>
> <property name="role">
>    <list>
>      <item>Client</item>
>      <item>Admin</item>
>    </list>
> </property>
>
> This would then create a list with those two item added to it.
>
> When used with Java to build the element, this would even be easier:
>
> .addProperty("role", Arrays.asList(new String[] {"Client", "Admin"}));
>
> What do you think?
>
> Best regards,
>
> Geert
>
> On 22 May 2008, at 12:51, Matthias Barmeier wrote:
>
>  
>> Hi Geert,
>>
>> actually I have already implemented the comma separated roles ;).  
>> But I
>> thought I have missed something in the docs as usual.
>>
>> I think it is OK to say that roles should not contain a comma. The
>> easiest solution would be to add a property named roles where a comma
>> separated list of roles can be entered. This should solve 98% of the  
>> needs.
>>
>> I don't like separators too and the cleanest way I think is  
>> something like:
>>
>>        <element id="AuthClient" extends="rife/authenticated/
>> memory.xml">
>>            <property name="password_encryption">SHA</property>
>>             <roles>
>>                   <role name="Admin"/>
>>                   <role name="Client"/>
>>             </roles>
>>            <property name="authvar_type">cookie</property>
>>            <property name="template_name">authentication.admin</
>> property>
>>            <submission name="credentials">
>>                <param name="login"/>
>>                <param name="password"/>
>>            </submission>
>>
>>            <childtrigger name="authid"/>
>>        </element>
>>
>> But is it really a restriction to disallow role names with commas ?
>>
>> Ciao
>>    Matthias
>>
>>
>> Geert Bevin schrieb:
>>    
>>> Hi Matthias,
>>>
>>> properties are key-value pairs, so if you set it multiple times, the
>>> last one will replace the earlier one. However, I'm surprised that I
>>> never ran into this multiple role problem before. Now that I think of
>>> it, I always had clearly defined sections of the sites I developed
>>> where when authentication was used, there was always one role that
>>> corresponded. When several roles applied, I always had information to
>>> show to everyone, and I used the user identification facility (http://rifers.org/wiki/display/RIFE/User+identification+facility
>>> ).
>>>
>>> Now, you should be able to quite easily support multiple roles for
>>> authentication elements since you already have a custom
>>> CredentialsManager. You could for instance separate different roles
>>> with commas and then adapt your verifyCredentials(Credentials) method
>>> to properly handle the separation of the roles.
>>>
>>> I'd like to support this by default in RIFE though since it seems  
>>> like
>>> a shameful oversight. Have to think about how to best do this in a
>>> backwards compatible way (you never know if someone uses commas in  
>>> his
>>> role names!).
>>>
>>> Hope this helps,
>>>
>>> Geert
>>>
>>>
>>> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>>>
>>>
>>>      
>>>> Hi,
>>>>
>>>> My CredentialsManager works perfect evrything looked good but now  
>>>> I am
>>>> stuck again. I have an Element that can be used from admins and
>>>> users. I
>>>> defined this with:
>>>>
>>>>       <element id="AuthClient" extends="rife/authenticated/
>>>> memory.xml">
>>>>           <property name="password_encryption">SHA</property>
>>>>           <property name="role">Client</property>
>>>>           <property name="role">Admin</property>
>>>>           <property name="authvar_type">cookie</property>
>>>>           <property name="template_name">authentication.admin</
>>>> property>
>>>>           <property
>>>> name
>>>> =
>>>> "credentialsmanagerfactory_class
>>>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>>>           <submission name="credentials">
>>>>               <param name="login"/>
>>>>               <param name="password"/>
>>>>           </submission>
>>>>
>>>>           <childtrigger name="authid"/>
>>>>       </element>
>>>>
>>>> and
>>>>
>>>>           <element id="CustomerChangePw"
>>>>
>>>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>>>                    url="/customerchangepw" inherits="AuthClient">
>>>>               <inbean name="customer" prefix="pre_"
>>>>
>>>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>>>               <autolink srcexit="CustomerList"/>
>>>>           </element>
>>>>
>>>> Everything works fine when I login with accounts that have the admin
>>>> rolle assigned to. When I try to login as normal user I always get  
>>>> an
>>>> invalid credentials error.
>>>>
>>>> When debugging my CredentialsManager I checked the credentials I get
>>>> as
>>>> parameter in the verifyCredentials method the credentials with
>>>> password
>>>> and username as expected but the role is always set to Admin. When I
>>>> remove the Admin role form the AuthClient element the role is always
>>>> set
>>>> to Client. Shouldn' t the credentials given containing all the roles
>>>> allowed for the element ?
>>>>
>>>> Where is my fault ?
>>>>
>>>>        
>>> --
>>> Geert Bevin
>>> Terracotta - http://www.terracotta.org
>>> Uwyn "Use what you need" - http://uwyn.com
>>> RIFE Java application framework - http://rifers.org
>>> Music and words - http://gbevin.com
>>>
>>>
>>>      
>
> --
> Geert Bevin
> Terracotta - http://www.terracotta.org
> Uwyn "Use what you need" - http://uwyn.com
> RIFE Java application framework - http://rifers.org
> Music and words - http://gbevin.com
>
>
> >
>  

>
> Hi Geert,
>
> perfect. I think this would be (at least for me ;) ) a real good  
> feature.
>
> Ciao
>    Matthias
>
>
>
> Geert Bevin schrieb:
>> Hi Matthias,
>>
>> I was thinking along the same lines, but instead with something
>> generic, like:
>>
>> <property name="role">
>>   <list>
>>     <item>Client</item>
>>     <item>Admin</item>
>>   </list>
>> </property>
>>
>> This would then create a list with those two item added to it.
>>
>> When used with Java to build the element, this would even be easier:
>>
>> .addProperty("role", Arrays.asList(new String[] {"Client",  
>> "Admin"}));
>>
>> What do you think?
>>
>> Best regards,
>>
>> Geert
>>
>> On 22 May 2008, at 12:51, Matthias Barmeier wrote:
>>
>>
>>> Hi Geert,
>>>
>>> actually I have already implemented the comma separated roles ;).
>>> But I
>>> thought I have missed something in the docs as usual.
>>>
>>> I think it is OK to say that roles should not contain a comma. The
>>> easiest solution would be to add a property named roles where a  
>>> comma
>>> separated list of roles can be entered. This should solve 98% of the
>>> needs.
>>>
>>> I don't like separators too and the cleanest way I think is
>>> something like:
>>>
>>>       <element id="AuthClient" extends="rife/authenticated/
>>> memory.xml">
>>>           <property name="password_encryption">SHA</property>
>>>            <roles>
>>>                  <role name="Admin"/>
>>>                  <role name="Client"/>
>>>            </roles>
>>>           <property name="authvar_type">cookie</property>
>>>           <property name="template_name">authentication.admin</
>>> property>
>>>           <submission name="credentials">
>>>               <param name="login"/>
>>>               <param name="password"/>
>>>           </submission>
>>>
>>>           <childtrigger name="authid"/>
>>>       </element>
>>>
>>> But is it really a restriction to disallow role names with commas ?
>>>
>>> Ciao
>>>   Matthias
>>>
>>>
>>> Geert Bevin schrieb:
>>>
>>>> Hi Matthias,
>>>>
>>>> properties are key-value pairs, so if you set it multiple times,  
>>>> the
>>>> last one will replace the earlier one. However, I'm surprised  
>>>> that I
>>>> never ran into this multiple role problem before. Now that I  
>>>> think of
>>>> it, I always had clearly defined sections of the sites I developed
>>>> where when authentication was used, there was always one role that
>>>> corresponded. When several roles applied, I always had  
>>>> information to
>>>> show to everyone, and I used the user identification facility (http://rifers.org/wiki/display/RIFE/User+identification+facility
>>>> ).
>>>>
>>>> Now, you should be able to quite easily support multiple roles for
>>>> authentication elements since you already have a custom
>>>> CredentialsManager. You could for instance separate different roles
>>>> with commas and then adapt your verifyCredentials(Credentials)  
>>>> method
>>>> to properly handle the separation of the roles.
>>>>
>>>> I'd like to support this by default in RIFE though since it seems
>>>> like
>>>> a shameful oversight. Have to think about how to best do this in a
>>>> backwards compatible way (you never know if someone uses commas in
>>>> his
>>>> role names!).
>>>>
>>>> Hope this helps,
>>>>
>>>> Geert
>>>>
>>>>
>>>> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> My CredentialsManager works perfect evrything looked good but now
>>>>> I am
>>>>> stuck again. I have an Element that can be used from admins and
>>>>> users. I
>>>>> defined this with:
>>>>>
>>>>>      <element id="AuthClient" extends="rife/authenticated/
>>>>> memory.xml">
>>>>>          <property name="password_encryption">SHA</property>
>>>>>          <property name="role">Client</property>
>>>>>          <property name="role">Admin</property>
>>>>>          <property name="authvar_type">cookie</property>
>>>>>          <property name="template_name">authentication.admin</
>>>>> property>
>>>>>          <property
>>>>> name
>>>>> =
>>>>> "credentialsmanagerfactory_class
>>>>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>>>>          <submission name="credentials">
>>>>>              <param name="login"/>
>>>>>              <param name="password"/>
>>>>>          </submission>
>>>>>
>>>>>          <childtrigger name="authid"/>
>>>>>      </element>
>>>>>
>>>>> and
>>>>>
>>>>>          <element id="CustomerChangePw"
>>>>>
>>>>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>>>>                   url="/customerchangepw" inherits="AuthClient">
>>>>>              <inbean name="customer" prefix="pre_"
>>>>>
>>>>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>>>>              <autolink srcexit="CustomerList"/>
>>>>>          </element>
>>>>>
>>>>> Everything works fine when I login with accounts that have the  
>>>>> admin
>>>>> rolle assigned to. When I try to login as normal user I always get
>>>>> an
>>>>> invalid credentials error.
>>>>>
>>>>> When debugging my CredentialsManager I checked the credentials I  
>>>>> get
>>>>> as
>>>>> parameter in the verifyCredentials method the credentials with
>>>>> password
>>>>> and username as expected but the role is always set to Admin.  
>>>>> When I
>>>>> remove the Admin role form the AuthClient element the role is  
>>>>> always
>>>>> set
>>>>> to Client. Shouldn' t the credentials given containing all the  
>>>>> roles
>>>>> allowed for the element ?
>>>>>
>>>>> Where is my fault ?
>>>>>
>>>>>
>>>> --
>>>> Geert Bevin
>>>> Terracotta - http://www.terracotta.org
>>>> Uwyn "Use what you need" - http://uwyn.com
>>>> RIFE Java application framework - http://rifers.org
>>>> Music and words - http://gbevin.com
>>>>
>>>>
>>>>
>>
>> --
>> Geert Bevin
>> Terracotta - http://www.terracotta.org
>> Uwyn "Use what you need" - http://uwyn.com
>> RIFE Java application framework - http://rifers.org
>> Music and words - http://gbevin.com
>>
>>
>>>
>>
>
>
> >

> Hi Matthias,
>
> can you please add it to the Jira issue tracker and describe all this  
> (copy paste of email snippets is ok). Then I wont forget it :-)
>
> Thanks!
>
> Geert
>
> On 22 May 2008, at 15:21, Matthias Barmeier wrote:
>
>  
>> Hi Geert,
>>
>> perfect. I think this would be (at least for me ;) ) a real good  
>> feature.
>>
>> Ciao
>>    Matthias
>>
>>
>>
>> Geert Bevin schrieb:
>>    
>>> Hi Matthias,
>>>
>>> I was thinking along the same lines, but instead with something
>>> generic, like:
>>>
>>> <property name="role">
>>>   <list>
>>>     <item>Client</item>
>>>     <item>Admin</item>
>>>   </list>
>>> </property>
>>>
>>> This would then create a list with those two item added to it.
>>>
>>> When used with Java to build the element, this would even be easier:
>>>
>>> .addProperty("role", Arrays.asList(new String[] {"Client",  
>>> "Admin"}));
>>>
>>> What do you think?
>>>
>>> Best regards,
>>>
>>> Geert
>>>
>>> On 22 May 2008, at 12:51, Matthias Barmeier wrote:
>>>
>>>
>>>      
>>>> Hi Geert,
>>>>
>>>> actually I have already implemented the comma separated roles ;).
>>>> But I
>>>> thought I have missed something in the docs as usual.
>>>>
>>>> I think it is OK to say that roles should not contain a comma. The
>>>> easiest solution would be to add a property named roles where a  
>>>> comma
>>>> separated list of roles can be entered. This should solve 98% of the
>>>> needs.
>>>>
>>>> I don't like separators too and the cleanest way I think is
>>>> something like:
>>>>
>>>>       <element id="AuthClient" extends="rife/authenticated/
>>>> memory.xml">
>>>>           <property name="password_encryption">SHA</property>
>>>>            <roles>
>>>>                  <role name="Admin"/>
>>>>                  <role name="Client"/>
>>>>            </roles>
>>>>           <property name="authvar_type">cookie</property>
>>>>           <property name="template_name">authentication.admin</
>>>> property>
>>>>           <submission name="credentials">
>>>>               <param name="login"/>
>>>>               <param name="password"/>
>>>>           </submission>
>>>>
>>>>           <childtrigger name="authid"/>
>>>>       </element>
>>>>
>>>> But is it really a restriction to disallow role names with commas ?
>>>>
>>>> Ciao
>>>>   Matthias
>>>>
>>>>
>>>> Geert Bevin schrieb:
>>>>
>>>>        
>>>>> Hi Matthias,
>>>>>
>>>>> properties are key-value pairs, so if you set it multiple times,  
>>>>> the
>>>>> last one will replace the earlier one. However, I'm surprised  
>>>>> that I
>>>>> never ran into this multiple role problem before. Now that I  
>>>>> think of
>>>>> it, I always had clearly defined sections of the sites I developed
>>>>> where when authentication was used, there was always one role that
>>>>> corresponded. When several roles applied, I always had  
>>>>> information to
>>>>> show to everyone, and I used the user identification facility (http://rifers.org/wiki/display/RIFE/User+identification+facility
>>>>> ).
>>>>>
>>>>> Now, you should be able to quite easily support multiple roles for
>>>>> authentication elements since you already have a custom
>>>>> CredentialsManager. You could for instance separate different roles
>>>>> with commas and then adapt your verifyCredentials(Credentials)  
>>>>> method
>>>>> to properly handle the separation of the roles.
>>>>>
>>>>> I'd like to support this by default in RIFE though since it seems
>>>>> like
>>>>> a shameful oversight. Have to think about how to best do this in a
>>>>> backwards compatible way (you never know if someone uses commas in
>>>>> his
>>>>> role names!).
>>>>>
>>>>> Hope this helps,
>>>>>
>>>>> Geert
>>>>>
>>>>>
>>>>> On 22 May 2008, at 11:34, Matthias Barmeier wrote:
>>>>>
>>>>>
>>>>>
>>>>>          
>>>>>> Hi,
>>>>>>
>>>>>> My CredentialsManager works perfect evrything looked good but now
>>>>>> I am
>>>>>> stuck again. I have an Element that can be used from admins and
>>>>>> users. I
>>>>>> defined this with:
>>>>>>
>>>>>>      <element id="AuthClient" extends="rife/authenticated/
>>>>>> memory.xml">
>>>>>>          <property name="password_encryption">SHA</property>
>>>>>>          <property name="role">Client</property>
>>>>>>          <property name="role">Admin</property>
>>>>>>          <property name="authvar_type">cookie</property>
>>>>>>          <property name="template_name">authentication.admin</
>>>>>> property>
>>>>>>          <property
>>>>>> name
>>>>>> =
>>>>>> "credentialsmanagerfactory_class
>>>>>> ">de.sourcepark.ms2.rife.MS2CredentialsManagerFactory</property>
>>>>>>          <submission name="credentials">
>>>>>>              <param name="login"/>
>>>>>>              <param name="password"/>
>>>>>>          </submission>
>>>>>>
>>>>>>          <childtrigger name="authid"/>
>>>>>>      </element>
>>>>>>
>>>>>> and
>>>>>>
>>>>>>          <element id="CustomerChangePw"
>>>>>>
>>>>>> implementation="de.sourcepark.ms2.rife.customer.EditCustomerPw"
>>>>>>                   url="/customerchangepw" inherits="AuthClient">
>>>>>>              <inbean name="customer" prefix="pre_"
>>>>>>
>>>>>> classname="de.sourcepark.ms2.rife.customer.CBCustomerPwEdit"/>
>>>>>>              <autolink srcexit="CustomerList"/>
>>>>>>          </element>
>>>>>>
>>>>>> Everything works fine when I login with accounts that have the  
>>>>>> admin
>>>>>> rolle assigned to. When I try to login as normal user I always get
>>>>>> an
>>>>>> invalid credentials error.
>>>>>>
>>>>>> When debugging my CredentialsManager I checked the credentials I  
>>>>>> get
>>>>>> as
>>>>>> parameter in the verifyCredentials method the credentials with
>>>>>> password
>>>>>> and username as expected but the role is always set to Admin.  
>>>>>> When I
>>>>>> remove the Admin role form the AuthClient element the role is  
>>>>>> always
>>>>>> set
>>>>>> to Client. Shouldn' t the credentials given containing all the  
>>>>>> roles
>>>>>> allowed for the element ?
>>>>>>
>>>>>> Where is my fault ?
>>>>>>
>>>>>>
>>>>>>            
>>>>> --
>>>>> Geert Bevin
>>>>> Terracotta - http://www.terracotta.org
>>>>> Uwyn "Use what you need" - http://uwyn.com
>>>>> RIFE Java application framework - http://rifers.org
>>>>> Music and words - http://gbevin.com
>>>>>
>>>>>
>>>>>
>>>>>          
>>> --
>>> Geert Bevin
>>> Terracotta - http://www.terracotta.org
>>> Uwyn "Use what you need" - http://uwyn.com
>>> RIFE Java application framework - http://rifers.org
>>> Music and words - http://gbevin.com
>>>
>>>
>>>      
>>    
>
> --
> Geert Bevin
> Terracotta - http://www.terracotta.org
> Uwyn "Use what you need" - http://uwyn.com
> RIFE Java application framework - http://rifers.org
> Music and words - http://gbevin.com
>
>
> >
>  

>
> Hi Geert,
>
> ok added to Jira.
>
> Ciao
>   Matthias
>
> Geert Bevin schrieb:
>> Hi Matthias,
>>
>> can you please add it to the Jira issue tracker and describe all this
>> (copy paste of email snippets is ok). Then I wont forget it :-)
>>
>> Thanks!
>>
>> Geert
>>
>> On 22 May 2008, at 15:21, Matthias Barmeier wrote:
>>
>>
>>> Hi Geert,
>>>
>>> perfect. I think this would be (at least for me ;) ) a real good
>>> feature.
>>>
>>> Ciao
>>>   Matthias
>>>
>>>
>>>
>>> Geert Bevin schrieb:
>>>
>>>> Hi Matthias,
>>>>
>>>> I was thinking along the same lines, but instead with something
>>>> generic, like:
>>>>
>>>> <property name="role">
>>>>  <list>
>>>>    <item>Client</item>
>>>>    <item>Admin</item>
>>>>  </list>
>>>> </property>
>>>>
>>>> This would then create a list with those two item added to it.
>>>>
>>>> When used with Java to build the element, this would even be  
>&g