How to handle externally defined session ID & authentication (2.1.4)

[Andrei Lunjov <an...@alpitek.com>]

Hi,
I am new to "cocoon internals" and I really need some starting points at
least - please help.

I am making a kind of web-service(not standard) that works as a part of
corporate portal - provides dynamic content. Unfortunately most of the
things are out of my control - I can't get normal servlet session & etc.

So I am given with session ID and some basic session info in request
parameters by portal front-end. Logins are managed there too - I get
already authenticated user. Now I need to make this mechanism
transparent for my Cocoon application:
- make sessions to work needed for continuations and also I need to
cache additional user information in session.
- authentication is very tricky - user can impersonate himself "to be
someone else" and I get this info with every request - so I need to
override auth-fw to ask authentication handler to provide new roles and
impersonated identity upon every request - not to cache it in session
since user is logged in as it is now.

I have quite strict design reqs - for guy making concrete pages
everything shoul look as standard as possible - so I shouth provide
cocoon session and authentication context. Seems it is doable, but
please provide me with guidelines if possible - what components should I
override/replace.


Andrei


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org