You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by kk...@netscape.net on 2004/02/04 17:15:47 UTC

Authentication Framework - Automatic Sign-in?

I am using cocoon 2.1 with the authentication framework to build an application that is for both PC and smartphone users. Mobile users should be authenticated automatically through their msisdn which I can get from the http header. I got this to work with an authentication resource that executes the auth-login action and - on success - redirects to the originally requested resource (and otherwise shows the login screen). So far so good - this works fine for http GETs. 

There is one case where an unprotected page does a http POST to a protected page. In this case, I lose the parameters of the POST, I could not find a way to have them forwarded to the redirect-resource of the authentication manager. The documentation says somewhere that it should but it is not visible in the RequestDumperValve traces. BTW, I also noticed that the authentication redirect is a http redirect even if I specify the cocoon: protocol. 

Anybody can help? I would appreciate it. 

Cheers
Konstantin

__________________________________________________________________
Nur bei Netscape: Ihr KOSTENLOSER Netscape WebMail-Account und der Instant Messenger unter http://www.netscape.de

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication Framework - Automatic Sign-in?

Posted by Mark Lundquist <ml...@wrinkledog.com>.

On Feb 6, 2004, at 4:26 AM, Joerg Heinicke wrote:

> On 04.02.2004 18:23, Mark Lundquist wrote:
>
>>>  BTW, I also noticed that the authentication redirect is a http 
>>> redirect even if I specify the cocoon: protocol.
>> I noticed that as well, and wondered about it too. ??
>
> Uh? That would be not correct of course. Does this happen only for the 
> authentication framework? Or only with non-PC browsers? Can you 
> elaborate more on this and file a bug if you have a more concise bug 
> description?

I'll try to put together a cut-down test case for this and research it 
a little more.  It may be a little while before I can find time to do 
it...
~ml



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication Framework - Automatic Sign-in?

Posted by Joerg Heinicke <jo...@gmx.de>.

On 04.02.2004 18:23, Mark Lundquist wrote:

>>  BTW, I also noticed that the authentication redirect is a http 
>> redirect even if I specify the cocoon: protocol.
> 
> I noticed that as well, and wondered about it too. ??

Uh? That would be not correct of course. Does this happen only for the 
authentication framework? Or only with non-PC browsers? Can you 
elaborate more on this and file a bug if you have a more concise bug 
description?

Thanks,

Joerg

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication Framework - Automatic Sign-in?

Posted by Mark Lundquist <ml...@wrinkledog.com>.

On Feb 4, 2004, at 8:15 AM, kk020403@netscape.net wrote:

> I am using cocoon 2.1 with the authentication framework to build an 
> application that is for both PC and smartphone users. Mobile users 
> should be authenticated automatically through their msisdn which I can 
> get from the http header. I got this to work with an authentication 
> resource that executes the auth-login action and - on success - 
> redirects to the originally requested resource (and otherwise shows 
> the login screen). So far so good - this works fine for http GETs.

That's funny... I implemented the same thing just yesterday (not w/  
"msisdn", but same idea, with the authentication resource invoke the 
auth-login action... just as you describe).

>
> There is one case where an unprotected page does a http POST to a 
> protected page. In this case, I lose the parameters of the POST, I 
> could not find a way to have them forwarded to the redirect-resource 
> of the authentication manager. The documentation says somewhere that 
> it should but it is not visible in the RequestDumperValve traces.

Sorry, I can't help with that (but I'll be watching for the answer...)

>  BTW, I also noticed that the authentication redirect is a http 
> redirect even if I specify the cocoon: protocol.

I noticed that as well, and wondered about it too. ??

~mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org