You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by ro...@talk21.com on 2000/02/14 16:39:15 UTC
cocoon security model
has anyone got a security model that works with cocoon
I would like to setup a password login screen using a form and authenticate against a database
I can do this if the whole site is built on servlets, but I can't figure out how this can be done with using xml files that are parsed by cocoon.
thanks
Ron
--------------------
talk21 your FREE portable and private address on the net at http://www.talk21.com
Re: cocoon security model
Posted by Russell Castagnaro <ru...@synctank.com>.
Ron,
Since cocoon IS a servlet, I'm not sure how you want to access everything? Do you want to have one list of users and passwords that provides access
to all xml docs? Do you want have an acl for each resource? How do you want to avoid using servlets?
-rrc
ron.chan@talk21.com wrote:
> has anyone got a security model that works with cocoon
>
> I would like to setup a password login screen using a form and authenticate against a database
>
> I can do this if the whole site is built on servlets, but I can't figure out how this can be done with using xml files that are parsed by cocoon.
>
> thanks
> Ron
>
> --------------------
> talk21 your FREE portable and private address on the net at http://www.talk21.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
--
Russell Castagnaro
Chief Mentor
SyncTank Solutions
http://www.synctank.com
Earth is the cradle of mankind; one does not remain in the cradle forever
-Tsiolkovsky
Re: cocoon security model, long rant
Posted by Ulrich Mayring <ul...@denic.de>.
Stefano Mazzocchi wrote:
> People are evaluating the possibility to use Cocoon inside Turbine
> (java.apache.org/turbine/) a framework that provides that kind of
> security model...
> on my side, I'm still not sure if Cocoon should provide that or not...
Let me chip in: Naah.. :-)
Seriously, security and authentication can be done in millions of ways,
in hardware, in software, on many layers of many protocols and
applications - why would we want to add another complexity? I mean, if
the cocoon developers have time to kill or think this would be fun to
code, then fine :)
However, as I understand cocoon (or assume other people to understand
it), it is an information publishing framework. We (cocoon users,
webmasters) have high-level problems of data integrity and managability
(sp?). We want to generate lots of stuff from one simple input format.
We want to spend less time managing data and files. We want to let our
co-workers, our suppliers and our customers manage their data themselves
without breaking anything. We want libraries of Java code that
non-programmers can easily use in the pages they create. And, of course,
we want open standards and OpenSource and we want to participate ;-)
Therefore, although I don't know what this mythical sitemap for cocoon2
will be, but it definitely sounds like something in the area of my above
rant. I would be happy if cocoon concentrated on high-level things - as
long as I can load my own Java classes, I can do anything that the
cocoon developers don't like :)
I've written my own subset of a cocoon-look-alike (called it htmlgp for
html generator and parser), before I knew that cocoon existed. So you
can imagine how desperate I was with these high-level problems: I had to
write my own software, because the commercial products wouldn't let me
hook into their guts. What is interesting is that - although I had not
the faintest idea of XML/XSLT et. al. - my program is source format
compatible to cocoon, because the syntax I "invented" was almost XML.
When I found out about XML I tweaked it a bit and now I can take a
source file and run it through htmlgp or cocoon and get the same HTML
code. So, what's the point you might ask? Very simple, I did much
thinking about these high-level problems during the design phase of my
own program and I came to pretty much the same conclusion as the cocoon
developers (apparently) did. Which is that solving high-level problems
has the steepest upline in terms of productivity - my program is very
slow, but it is so much faster and so much less prone to error than
doing websites manually.
Ulrich
--
Ulrich Mayring
DENIC eG, software development
ulim@denic.de
Re: cocoon security model
Posted by Stefano Mazzocchi <st...@apache.org>.
ron.chan@talk21.com wrote:
>
> has anyone got a security model that works with cocoon
>
> I would like to setup a password login screen using a form and authenticate against a database
>
> I can do this if the whole site is built on servlets, but I can't figure out how this can be done with using xml files that are parsed by cocoon.
People are evaluating the possibility to use Cocoon inside Turbine
(java.apache.org/turbine/) a framework that provides that kind of
security model...
on my side, I'm still not sure if Cocoon should provide that or not...
--
Stefano Mazzocchi One must still have chaos in oneself to be
able to give birth to a dancing star.
<st...@apache.org> Friedrich Nietzsche
--------------------------------------------------------------------
Come to the first official Apache Software Foundation Conference!
------------------------- http://ApacheCon.Com ---------------------
Re: cocoon security model
Posted by Donald Ball <ba...@webslingerZ.com>.
On Mon, 14 Feb 2000 ron.chan@talk21.com wrote:
>
> has anyone got a security model that works with cocoon
>
> I would like to setup a password login screen using a form and
> authenticate against a database
>
> I can do this if the whole site is built on servlets, but I can't
> figure out how this can be done with using xml files that are parsed
> by cocoon.
You're almost certainly better off doing authentication at the web server
layer. Is there some reason why this would not work for you?
- donald