You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Mark Lundquist <ml...@wrinkledog.com> on 2003/12/18 22:43:56 UTC

Authentication using query-string data; etc.

OK, I'm sure that what I need to do has been done many times before... 
:-)

I'll describe what it is and how I mean to accomplish it.  I'd 
appreciate any feedback! :-)

THE PROBLEM:  The pages of a web app are protected with the 
auth-protect action in the usual way.  If they are not logged in, they 
are redirected to a login page.  However... the user may also reach the 
site from a link on a foreign page, which embeds their authentication 
information in the URL, e.g:

	http://dom.ain/home?id:password

I want this request to log the user in and serve up the homepage.

THE SOLUTION (I think :-):  In the pipeline that serves the login page, 
use <map:act type="auth-login">, but invoke the handler with id and 
password extracted from the query string.  If the action succeeds, 
redirect to the original page.  If the action fails, then serve up the 
login page.

Is this the way it's usually done?

If so... how do I access the query-string from my sitemap?  Do I use an 
Input Module?  I read the Modules documentation from the Cocoon 2.1 
userdocs, but I was not able to understand it :-(.

Also... is there a way to access cookies from within the sitemap?

Thanks for any help with my noob questions :-)

Mark Lundquist

Re: Authentication using query-string data; etc.

Posted by Jean-Christophe Kermagoret <jc...@babelobjects.com>.

Mark Lundquist wrote:

> OK, I'm sure that what I need to do has been done many times before... 
> :-)
>
> I'll describe what it is and how I mean to accomplish it. I'd 
> appreciate any feedback! :-)
>
> THE PROBLEM: The pages of a web app are protected with the 
> /auth-protect/ action in the usual way. If they are not logged in, 
> they are redirected to a login page. However... the user may also 
> reach the site from a link on a foreign page, which embeds their 
> authentication information in the URL, e.g:
>
> http://dom.ain/home?/id:password/
>
> I want this request to log the user in and serve up the homepage.
>
> THE SOLUTION (I think :-): In the pipeline that serves the login page, 
> use <map:act type="auth-login">, but invoke the handler with id and 
> password extracted from the query string. If the action succeeds, 
> redirect to the original page. If the action fails, then serve up the 
> login page.
>
> Is this the way it's usually done?
>
> If so... how do I access the query-string from my sitemap? Do I use an 
> Input Module? I read the Modules documentation from the Cocoon 2.1 
> userdocs, but I was not able to understand it :-(.
>
> Also... is there a way to access cookies from within the sitemap?
>
> Thanks for any help with my noob questions :-)
>
> Mark Lundquist
>
Hello Mark,
just use {request-param:login} and {request-param:passwd} to access 
parameters of your query.

HTH,

-- 

Jean-Christophe Kermagoret
jck@BabelObjects.Com



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org