You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Andrei Lunjov <an...@alpitek.com> on 2004/03/01 10:11:27 UTC

Advise needed - how to handle externally defined session ID & authentication (2.1.4)

Hi,
I am new to "cocoon internals" and I really need some starting points at 
least - please help.

I am making a kind of web-service(not standard) that works as a part of 
corporate portal - provides dynamic content. Unfortunately most of the 
things are out of my control - I can't get normal servlet session & etc.

So I am given with session ID and some basic session info in request 
parameters by portal front-end. Logins are managed there too - I get 
already authenticated user. Now I need to make this mechanism 
transparent for my Cocoon application:
- make sessions to work needed for continuations and also I need to 
cache additional user information in session.
- authentication is very tricky - user can impersonate himself "to be 
someone else" and I get this info with every request - so I need to 
override auth-fw to ask authentication handler to provide new roles and 
impersonated identity upon every request - not to cache it in session 
since user is logged in as it is now.

I have quite strict design reqs - for guy making concrete pages 
everything shoul look as standard as possible - so I shouth provide 
cocoon session and authentication context. Seems it is doable, but 
please provide me with guidelines if possible - what components should I 
override/replace.


Andrei