You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by kk...@netscape.net on 2004/02/04 17:15:47 UTC
Authentication Framework - Automatic Sign-in?
I am using cocoon 2.1 with the authentication framework to build an application that is for both PC and smartphone users. Mobile users should be authenticated automatically through their msisdn which I can get from the http header. I got this to work with an authentication resource that executes the auth-login action and - on success - redirects to the originally requested resource (and otherwise shows the login screen). So far so good - this works fine for http GETs.
There is one case where an unprotected page does a http POST to a protected page. In this case, I lose the parameters of the POST, I could not find a way to have them forwarded to the redirect-resource of the authentication manager. The documentation says somewhere that it should but it is not visible in the RequestDumperValve traces. BTW, I also noticed that the authentication redirect is a http redirect even if I specify the cocoon: protocol.
Anybody can help? I would appreciate it.
Cheers
Konstantin
__________________________________________________________________
Nur bei Netscape: Ihr KOSTENLOSER Netscape WebMail-Account und der Instant Messenger unter http://www.netscape.de
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication Framework - Automatic Sign-in?
Posted by Mark Lundquist <ml...@wrinkledog.com>.
On Feb 6, 2004, at 4:26 AM, Joerg Heinicke wrote:
> On 04.02.2004 18:23, Mark Lundquist wrote:
>
>>> BTW, I also noticed that the authentication redirect is a http
>>> redirect even if I specify the cocoon: protocol.
>> I noticed that as well, and wondered about it too. ??
>
> Uh? That would be not correct of course. Does this happen only for the
> authentication framework? Or only with non-PC browsers? Can you
> elaborate more on this and file a bug if you have a more concise bug
> description?
I'll try to put together a cut-down test case for this and research it
a little more. It may be a little while before I can find time to do
it...
~ml
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication Framework - Automatic Sign-in?
Posted by Joerg Heinicke <jo...@gmx.de>.
On 04.02.2004 18:23, Mark Lundquist wrote:
>> BTW, I also noticed that the authentication redirect is a http
>> redirect even if I specify the cocoon: protocol.
>
> I noticed that as well, and wondered about it too. ??
Uh? That would be not correct of course. Does this happen only for the
authentication framework? Or only with non-PC browsers? Can you
elaborate more on this and file a bug if you have a more concise bug
description?
Thanks,
Joerg
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication Framework - Automatic Sign-in?
Posted by Mark Lundquist <ml...@wrinkledog.com>.
On Feb 4, 2004, at 8:15 AM, kk020403@netscape.net wrote:
> I am using cocoon 2.1 with the authentication framework to build an
> application that is for both PC and smartphone users. Mobile users
> should be authenticated automatically through their msisdn which I can
> get from the http header. I got this to work with an authentication
> resource that executes the auth-login action and - on success -
> redirects to the originally requested resource (and otherwise shows
> the login screen). So far so good - this works fine for http GETs.
That's funny... I implemented the same thing just yesterday (not w/
"msisdn", but same idea, with the authentication resource invoke the
auth-login action... just as you describe).
>
> There is one case where an unprotected page does a http POST to a
> protected page. In this case, I lose the parameters of the POST, I
> could not find a way to have them forwarded to the redirect-resource
> of the authentication manager. The documentation says somewhere that
> it should but it is not visible in the RequestDumperValve traces.
Sorry, I can't help with that (but I'll be watching for the answer...)
> BTW, I also noticed that the authentication redirect is a http
> redirect even if I specify the cocoon: protocol.
I noticed that as well, and wondered about it too. ??
~mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org