You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by "Messing, Elad" <el...@eml-d.villa-bosch.de> on 2005/04/06 14:20:12 UTC
Authorization (not Authentication) in Cocoon Auth. framework
Hello All
I am looking for the best way to handle authorization in my
application.
Authentication is handled nicely by the Auth. Framework, but I
cannot seem to find the hook for the authorization..
What I mean is, once a user is requesting for a resource, the
Auth.
Framework is checking if the user authenticated - I.E. already passed
through the login procedure, and now has a session with the auth.
Context etc. This is good, but I also need to check if the user - now
that I know it has been authenticated - has the authorization of
accessing the specific resource.
I was looking for an "Authorizator" interface, or something
similar, to allow me a hook where I can introduce the code that will use
the user's Role, with my database of permissions. I cannot seem to find
it..
What would you suggest ?
Thank you !
Elad Messing
Re: Authorization (not Authentication) in Cocoon Auth. framework
Posted by Grzegorz Sikora <sz...@op.pl>.
Hello Elad,
Wednesday, April 6, 2005, 2:20:12 PM, you wrote:
ME> Context etc. This is good, but I also need to check if the
ME> user - now that I know it has been authenticated - has the
ME> authorization of accessing the specific resource.
ME> I was looking for an "Authorizator" interface, or
ME> something similar, to allow me a hook where I can introduce the
ME> code that will use the user's Role, with my database of
ME> permissions. I cannot seem to find it..
AFAIK despite what doc says: "One central point in building a web application is
authentication and authorization. The Cocoon authentication framework is a flexible module for authentication, authorization and user management."
- Cocoon dont have any resource authorization support. I've created
for own usage slighty modificated auth-protect action which is role
sensitive. It looks like ordinary auth-protect action but requires
role list which can access body of action (stuff between
<map:act></map:act>). If role doesnt match user is redirected to
page with info 'insufficient privileges'.
It's really simple, just look at source code of this
action to get idea how to modify it. Anyway I can send you pice of code...
--
Best regards,
Grzegorz Sikora
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authorization (not Authentication) in Cocoon Auth. framework
Posted by Adam Ratcliffe <ad...@prema.co.nz>.
Hi Elad
I've integrated the Sun XACML library into a cocoon project recently
for handling authorization. It provides policy-based access
for resources, where policy rules are evaluated using subject,
resource, and environment attributes. Let me know if you'd like
further information.
Cheers
Adam
On 7 Apr, 2005, at 12:20 AM, Messing, Elad wrote:
> Hello All
> I am looking for the best way to handle authorization in my
> application.
> Authentication is handled nicely by the Auth. Framework, but I
> cannot seem to find the hook for the authorization..
>
> What I mean is, once a user is requesting for a resource, the
> Auth.
> Framework is checking if the user authenticated - I.E. already passed
> through the login procedure, and now has a session with the auth.
>
> Context etc. This is good, but I also need to check if the user - now
> that I know it has been authenticated - has the authorization of
> accessing the specific resource.
>
> I was looking for an "Authorizator" interface, or something
> similar, to allow me a hook where I can introduce the code that will
> use the user's Role, with my database of permissions. I cannot seem to
> find it..
>
> What would you suggest ?
>
> Thank you !
>
> Elad Messing
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Betr.: Re: Passing request headers
Posted by Pe...@mediacenter.nl.
Hi Volkm@r
Thanks for your answer. I think we have a little misunsderstanding. I'm not
very experienced in the web world, so perhaps I use the wrong terminology,
in which case, please straighten me out. Or, if I completely missed your
point, straighten me out as well :-)
There are many ways to pass request parameters to HtmlGenerator, but what I
want to do is change the outgoing request header. In Java, I would do it
like this:
URL url = new URL( "http://old-server/legacy.html" );
URLConnection conn = url.openConnection();
conn.setRequestProperty( "accept-language", "nl" );
After that you can open a stream and let Tidy do its thing. This works: if
I give it "nl" I get 08-04-2005 and if I give it "en-us" I get 04/08/2005
if that date happens to be in the html.
I don't see any way to tell HtmlGenerator to do that. Perhaps Upayavira is
right and I need to subclass HtmlGenerator. The Cocoon source is very new
to me so this will take some time.
news <ne...@sea.gmane.org> wrote on 07-04-2005 10:28:17:
> Peter.Urbanus@mediacenter.nl wrote:
> > [...]
> > Thanks, Volkm@r.
> > Do you mean that you can have HtmlGenerator operate on a request
attribute?
> > If i understand that correctly, that would mean you can read your html
from
> > a POST request. That wouldn't help, because I want that html from the
old
> > server. You know, send it a http request like
> >
> > GET http://old-server/legacy.html HTTP/1.1
> > accept-language: nl, en-us
> > etc.
> >
> > I browsed the source oif HtmlTransformer, and it also has a parameter
> > copy-parameters, but that wouldn't help me either, it just copies the
> > query-string at the end of the src attribute.
> >
> > Or am I totally missing something?
> >
> > Peter
>
> Hi Peter,
> What I understand from that documentation mentioned is that you can use
> "generate" with additional parameters.
>
> So if you have a request like
>
> http://yourServer/yourPath?Source=http://foo.bar.tld
>
> which will be matched by your pipeline, you could pass additional
> parameters.
>
> ---------------------------------
> <map:match pattern="yourPath">
> <map:generate type="html" src="{request-param:Source}">
> <map:parameter name="..." value="..."/>
> </map:generate>
> ...
> </map:match>
> ---------------------------------
>
> Sorry, if I'm wrong. Haven't tested that case.
> --
> Volkm@r
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Passing request headers
Posted by "Volkm@r" <pl...@arcor.de>.
Peter.Urbanus@mediacenter.nl wrote:
> [...]
> Thanks, Volkm@r.
> Do you mean that you can have HtmlGenerator operate on a request attribute?
> If i understand that correctly, that would mean you can read your html from
> a POST request. That wouldn't help, because I want that html from the old
> server. You know, send it a http request like
>
> GET http://old-server/legacy.html HTTP/1.1
> accept-language: nl, en-us
> etc.
>
> I browsed the source oif HtmlTransformer, and it also has a parameter
> copy-parameters, but that wouldn't help me either, it just copies the
> query-string at the end of the src attribute.
>
> Or am I totally missing something?
>
> Peter
Hi Peter,
What I understand from that documentation mentioned is that you can use
"generate" with additional parameters.
So if you have a request like
http://yourServer/yourPath?Source=http://foo.bar.tld
which will be matched by your pipeline, you could pass additional
parameters.
---------------------------------
<map:match pattern="yourPath">
<map:generate type="html" src="{request-param:Source}">
<map:parameter name="..." value="..."/>
</map:generate>
...
</map:match>
---------------------------------
Sorry, if I'm wrong. Haven't tested that case.
--
Volkm@r
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Passing request headers
Posted by Upayavira <uv...@upaya.co.uk>.
Peter.Urbanus@mediacenter.nl wrote:
> Thanks, Volkm@r.
> Do you mean that you can have HtmlGenerator operate on a request attribute?
> If i understand that correctly, that would mean you can read your html from
> a POST request. That wouldn't help, because I want that html from the old
> server. You know, send it a http request like
>
> GET http://old-server/legacy.html HTTP/1.1
> accept-language: nl, en-us
> etc.
>
> I browsed the source oif HtmlTransformer, and it also has a parameter
> copy-parameters, but that wouldn't help me either, it just copies the
> query-string at the end of the src attribute.
>
> Or am I totally missing something?
If you're happy reading the sources, then make yourself another
HTMLTransformer, that extends the previous one, giving it the
functionality you require.
Regards, Upayavira
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Passing request headers
Posted by Pe...@mediacenter.nl.
> Peter.Urbanus@mediacenter.nl wrote:
> >
> >
> >
> > Hi all
> >
> > Does anybody have any idea how you pass request headers to an
> > HtmlGenerator? Like accept-language and the authentication stuff?
> > I'm using <map:generate type="html" src="http://old-server/legacy.html"
/>
> > and it formats numbers and dates the American way. And it asks for
> > authentication.
> >
> > Thanks,
> > Peter Urbanus
>
> I remember I saw something similar in
> <http://cocoon.apache.org/2.1/userdocs/generators/html-generator.html>
>
> HTH
> --
> Volkm@r
>
>
Thanks, Volkm@r.
Do you mean that you can have HtmlGenerator operate on a request attribute?
If i understand that correctly, that would mean you can read your html from
a POST request. That wouldn't help, because I want that html from the old
server. You know, send it a http request like
GET http://old-server/legacy.html HTTP/1.1
accept-language: nl, en-us
etc.
I browsed the source oif HtmlTransformer, and it also has a parameter
copy-parameters, but that wouldn't help me either, it just copies the
query-string at the end of the src attribute.
Or am I totally missing something?
Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Passing request headers
Posted by "Volkm@r" <pl...@arcor.de>.
Peter.Urbanus@mediacenter.nl wrote:
>
>
>
> Hi all
>
> Does anybody have any idea how you pass request headers to an
> HtmlGenerator? Like accept-language and the authentication stuff?
> I'm using <map:generate type="html" src="http://old-server/legacy.html" />
> and it formats numbers and dates the American way. And it asks for
> authentication.
>
> Thanks,
> Peter Urbanus
I remember I saw something similar in
<http://cocoon.apache.org/2.1/userdocs/generators/html-generator.html>
HTH
--
Volkm@r
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Passing request headers
Posted by Pe...@mediacenter.nl.
Hi all
Does anybody have any idea how you pass request headers to an
HtmlGenerator? Like accept-language and the authentication stuff?
I'm using <map:generate type="html" src="http://old-server/legacy.html" />
and it formats numbers and dates the American way. And it asks for
authentication.
Thanks,
Peter Urbanus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org