WebStack

docs/users.html

400:5b276bbcbbb5
2005-07-16 paulb [project @ 2005-07-16 20:32:38 by paulb] Changed virtual path info in sub-resources so that it may be an empty string.
     1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">     2 <html xmlns="http://www.w3.org/1999/xhtml">     3 <head>     4   <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type" />     5   <title>Users and Authentication</title>     6   <meta name="generator"     7  content="amaya 8.1a, see http://www.w3.org/Amaya/" />     8   <link href="styles.css" rel="stylesheet" type="text/css" />     9 </head>    10 <body>    11 <h1>Users and Authentication</h1>    12 <p>One way of discovering the identity of the user sending a request    13 into your application is&nbsp;to test the identity using methods on the    14 transaction object. Before this can be made to work, you must&nbsp;set    15 up authentication for your application, as described in <a    16  href="securing.html">"Securing a WebStack Application"</a>. Once    17 authentication is working, every request that arrives in the    18 application will have the identity of the user attached automatically.</p>    19 <h2>Uses of User Identity</h2>    20 <p>Having access to a user's identity can be useful in making decisions    21 about which operations that user is able to perform within your    22 application. Moreover, the user identity provided by authentication    23 mechanisms can tell you more about who that user is, as opposed to    24 typical session information which, on its own, can only really confirm    25 that the user in question has visited the application before.</p>    26 <div class="WebStack">    27 <h3>WebStack API - User Identity</h3>    28 <p>Transaction objects have the following methods for inspecting and    29 redefining the identity of users:</p>    30 <dl>    31   <dt><code>get_user</code></dt>    32   <dd>This gets the name of the user attempting to access the    33 application.</dd>    34   <dt><code>set_user</code></dt>    35   <dd>This sets the name of the user, thus affecting subsequent calls    36 to <code>get_user</code>, allowing certain parts of an application to    37 view users according to other criteria than their basic username - for    38 example, one might use <code>set_user</code> to redefine each user's    39 identity in terms of the role that user may have in an application.</dd>    40 </dl>    41 </div>    42 </body>    43 </html>