question from another cocoon user...

[Roman Kunert <ro...@hsh-berlin.com>]

Yann wrote:
> 
> > read this
> >
> > http://www.zdnet.com/zdnn/stories/comment/0,5859,2555159,00.html
> >
> > > What amazes me the most is that open source has gained so much
> > > momentum without showing any goods. It's a dot-com.all hype and
> > > speculation and no fundamentals. It's like an onion in a bushel
> > > of apples. Someone might notice that it looks and tastes different,
> > > but peel away its layers, and there's nothing there.
> >
> > Some people simply aren't smart enough to get it.
> 
> Well, you know, some columnists are such attention-seekers...
> 
> But let me tell you that I am just about to install my first Cocoon-powered
> web-app on a production server. It took me 3 week to write it: 1 to play
> with Cocoon and installation issues, 1 to write XSP pages and some Java
> business objects using JBuilder Foundation 3.5, finally 1 to design the look
> and feel, learning about XSL and dealing with cosmetic things.
> 
> And it's there, my internal users can't wait to use it, I don't have to
> spend time installing stuff on people's PCs and I can patch my code whenever
> I want. The web-app deals with user session and security, does some database
> update and retrieves some resultsets.
> 
> 3 weeks from not having used Cocoon nor the Apache server!!!
> 
> And it's not even like I was a servlet-guru. I knew the concepts and was
> proficient in Java, that's all.
> 
> Basically, it all happened because Cocoon is a damned clever framework.
> People were also very helpful on the list. The guy who wrote this article is
> just trying to sound clever but doesn't have a grasp on reality.
> 
> Yann.

Hi Yann,
sorry for bothering you, but I am working on a similar project and I am
struggling with implementing user session and security. Did you use
extra servlets or did you get the session taglib working? Currently I am
thinking about a DB driven authentication with session tracking. I
cannot help dreaming about a phplib-like site,user,role authentication
mechanism per page. Something like:

<page user="foo" role="users" security="high">
..
</page>

If I'll have time I try to work on that.

Any help is welcome.
Thanks, Ro.

Re: question from another cocoon user...

[Yann <yl...@ims.ltd.uk>]

> Hi Yann,
> sorry for bothering you, but I am working on a similar project and I am
> struggling with implementing user session and security. Did you use
> extra servlets or did you get the session taglib working? Currently I am
> thinking about a DB driven authentication with session tracking. I
> cannot help dreaming about a phplib-like site,user,role authentication
> mechanism per page. Something like:
>
> <page user="foo" role="users" security="high">
> ..
> </page>

Well effectively, each of my page has got at the beginning an xsp:logic
entity where I check wether the HttpSession object has got a particular
value ("loggedin") set to true (if the session object is null I create it,
creating a new session). If not I redirect to a login page. The login page
will check in a db whether the combination of username/password is in a
table. I use a business object Authentification for that. In case of success
I redirect to a main page or the page that people were trying to access
before being redirected to the login page. I then set the loggedin session
value to true.

Now I don't know wether that is the cleanest technic but it does the job.

Yann.