You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Martin Rusnak <ma...@cyberspace.sk> on 2005/04/14 19:11:22 UTC

Authentication framework and user bean

Dear all,

I use authentication framework with my own Authenticator class derived from
org.apache.cocoon.webapps.authentication.components.Authenticator.
Authenticatioin framework needs user data to be stored as XML in the session
context, but the business logic part of my application works with user bean.
Converting the XML to user bean every time the HTTP request is performed would
unnecessarily take CPU and memory resources. Therefore it would be useful to
store user bean in the session insted of XML. Is it possible to do with
authentication framework or do I need to implement the authentication myself?

Best regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication framework and user bean

Posted by Martin Rusnak <ma...@cyberspace.sk>.

 >
 > To be a little clearer,
 >
 > function authenticate_user()
 > {
 >     var user = service.authenticateUser(cocoon.request.get("username"), cocoon.request.get("password"));
 >     if(user!=null){cocoon.session.setAttribute("user", user);cocoon.session.setAttribute("loggedIn", "true")}
 >     cocoon.sendPage("internal/xml-user", {user : user});
 > }
 >
 > the "internal/xml-user" is what generates teh xml for the auth-fw
 >
 > service is a java class I use to handle all the methods of my own user/role management.
 >

In your code, the login process is implemented in flow script. My approach
is little bit different, I implemented only the authenticator class. For the
rest of authentication frunctionality I use existing auth fw actions in
similar way as it is described in auth fw documentation. The question is,
how can I access the session from my authenticator class in order to store
user bean?

Here are the code snippets of my implementation:

Class MyAuthenticator extends Authenticator and is configured in sitemap:

  <authentication-manager>
    <handlers>
      <handler name="portalhandler">
        <redirect-to uri="cocoon:/login"/>
        <authentication authenticator="myportal.MyAuthenticator"/>
      </handler>
    </handlers>
  </authentication-manager>


Java source of MyAuthenticator:

public class MyAuthenticator implements Authenticator, Serviceable {

...

         public AuthenticationResult authenticate(HandlerConfiguration configuration,
                                                  SourceParameters parameters)
         throws ProcessingException {
                 String userID = parameters.getParameter("userid");
                 String password = parameters.getParameter("password");

                 // Create authentication XML tree
                 Document doc = DOMUtil.createDocument();
                 Element authElement =
                         doc.createElementNS(null, "authentication");
                 doc.appendChild(authElement);

                 if (verifyPasswordInDb(userID, password)) {
                         Element element = doc.createElementNS(null, "ID");
                         element.appendChild(doc.createTextNode(userID));
                         authElement.appendChild(element);

                         return new AuthenticationResult(true, doc);
                 } else {
                         Element element = doc.createElementNS(null, "data");
                         element.appendChild(doc.createTextNode("Bad user name or password."));
                         authElement.appendChild(element);

                         return new AuthenticationResult(false, doc);
                 }
         }

...

}

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication framework and user bean

Posted by JD Daniels <jd...@kismetsoftware.com>.

To be a little clearer,

function authenticate_user()
{
     var user = service.authenticateUser(cocoon.request.get("username"), 
cocoon.request.get("password"));
     if(user!=null){cocoon.session.setAttribute("user", 
user);cocoon.session.setAttribute("loggedIn", "true")}
     cocoon.sendPage("internal/xml-user", {user : user});
}

the "internal/xml-user" is what generates teh xml for the auth-fw

service is a java class I use to handle all the methods of my own 
user/role management.


JD Daniels wrote:
> I wrote my own user/role beans and use them in the auth fw. when the 
> login is successful, i just store the bean in the session and use it 
> everywhere. I dont use the xml in the session much except to use the 
> auth fw is_logged_in type stuff.
> 
> JD
> 
> Martin Rusnak wrote:
> 
>> Dear all,
>>
>> I use authentication framework with my own Authenticator class derived 
>> from
>> org.apache.cocoon.webapps.authentication.components.Authenticator.
>> Authenticatioin framework needs user data to be stored as XML in the 
>> session
>> context, but the business logic part of my application works with user 
>> bean.
>> Converting the XML to user bean every time the HTTP request is 
>> performed would
>> unnecessarily take CPU and memory resources. Therefore it would be 
>> useful to
>> store user bean in the session insted of XML. Is it possible to do with
>> authentication framework or do I need to implement the authentication 
>> myself?
>>
>> Best regards,
>> Martin
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>> For additional commands, e-mail: users-help@cocoon.apache.org
>>
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Authentication framework and user bean

Posted by JD Daniels <jd...@kismetsoftware.com>.

I wrote my own user/role beans and use them in the auth fw. when the 
login is successful, i just store the bean in the session and use it 
everywhere. I dont use the xml in the session much except to use the 
auth fw is_logged_in type stuff.

JD

Martin Rusnak wrote:
> Dear all,
> 
> I use authentication framework with my own Authenticator class derived from
> org.apache.cocoon.webapps.authentication.components.Authenticator.
> Authenticatioin framework needs user data to be stored as XML in the 
> session
> context, but the business logic part of my application works with user 
> bean.
> Converting the XML to user bean every time the HTTP request is performed 
> would
> unnecessarily take CPU and memory resources. Therefore it would be 
> useful to
> store user bean in the session insted of XML. Is it possible to do with
> authentication framework or do I need to implement the authentication 
> myself?
> 
> Best regards,
> Martin
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org