You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Per Kreipke <pe...@onclave.com> on 2002/08/07 21:24:06 UTC
SunRise with container managed security...
I've had the demo code working and gotten the SunRise authentication to work
off static files and am about to try it off a DB.
However, what I'm really interested in, since Cocoon isn't the only servlet
running, is integrating the SunRise components with the Tomcat Realm based
security. Has that been done before?
Per
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
Re: SunRise with container managed security...
Posted by Ivelin Ivanov <iv...@apache.org>.
I've asked the same question a few days ago
and according to Vadim sunRise is not integrated with the J2EE security... I
also find this integration necessary.
----- Original Message -----
From: "Per Kreipke" <pe...@onclave.com>
To: <co...@xml.apache.org>
Sent: Wednesday, August 07, 2002 2:24 PM
Subject: SunRise with container managed security...
> I've had the demo code working and gotten the SunRise authentication to
work
> off static files and am about to try it off a DB.
>
> However, what I'm really interested in, since Cocoon isn't the only
servlet
> running, is integrating the SunRise components with the Tomcat Realm based
> security. Has that been done before?
>
> Per
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
RE: SunRise with container managed security...
Posted by Carsten Ziegeler <cz...@s-und-n.de>.
You can add the principal to the context, if you add it in the
authentication resource, like currently in the demo the name
of the user is added. You can include any transformer,
generator etc. you want and add the required info.
Carsten
> -----Original Message-----
> From: Ivelin Ivanov [mailto:ivelin@apache.org]
> Sent: Friday, August 09, 2002 2:46 PM
> To: cocoon-users@xml.apache.org
> Subject: Re: SunRise with container managed security...
>
>
>
> I think a more important feature is to be able to populate the
> J2EE security
> realm with a Principal name and roles, once authenticated through sunrise.
> Since sunrise is doing a good job at protecting the URLs, I am not so
> concerned about the url constraints in web.xml.
> However I would like to have the principal available in the context when
> obtaining J2ee resources: Transactions, Datasources, EJBs, JMS, etc.
>
>
>
>
> ----- Original Message -----
> From: "Carsten Ziegeler" <cz...@s-und-n.de>
> To: <co...@xml.apache.org>
> Sent: Friday, August 09, 2002 12:52 AM
> Subject: RE: SunRise with container managed security...
>
>
> > Per Kreipke wrote:
> > >
> > > > I think, two users have reported this on the user list some months
> ago.
> > > >
> > > > Carsten
> > >
> > > Sorry, meaning what? Someone else mentioned it or did the work to
> > > integrate
> > > the two? I can't find anything about it on the MARC archive.
> > >
> > Sorry, I had little time yesterday..so I only wrote short mails...
> > Yes, someone mentioned it and integrated it. I don't know how he did it.
> >
> > Basically, this approach should work:
> > The container managed security is outside of Cocoon, so if a protected
> > document is called and the request enters Cocoon, the user must be
> > authenticatd.
> > Otherwise the contained would have denied the access.
> >
> > Now, you can write an automatically log-in handler for Cocoon.
> > For the protected document, test if the usre is already logged-in via
> > the handler. If so, serve the document.
> > If the user is not logged-in via the handler (but then he is already
> > authorized by the container) you can invoke the login-action and write
> > an authentication pipeline for the handler which does nothing more
> > than getting the user, roles, principles from the container and
> > returning them to the handler.
> > That's it.
> >
> > I must confess, that you have to write a simple authentication pipeline
> > for it - I think spending 4 hours on it would be enough and you
> > have the container integration.
> >
> > HTH
> > Carsten
> >
> > > I was thinking that one way to do so would be to satisfy the login
> request
> > > with an XSP page that enumerates the <authentication> block with
> > > the values
> > > of getRemoteUser(), the roles, etc.
> > >
> > > Per
> > >
> > > > > -----Original Message-----
> > > > > From: Per Kreipke [mailto:per@onclave.com]
> > > > > Sent: Wednesday, August 07, 2002 9:24 PM
> > > > > To: cocoon-users@xml.apache.org
> > > > > Subject: SunRise with container managed security...
> > > > >
> > > > >
> > > > > I've had the demo code working and gotten the SunRise
> > > > > authentication to work
> > > > > off static files and am about to try it off a DB.
> > > > >
> > > > > However, what I'm really interested in, since Cocoon isn't the
> > > > > only servlet
> > > > > running, is integrating the SunRise components with the Tomcat
> > > > Realm based
> > > > > security. Has that been done before?
> > > > >
> > > > > Per
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > Please check that your question has not already been answered in
> the
> > > > > FAQ before posting.
> <http://xml.apache.org/cocoon/faq/index.html>
> > > > >
> > > > > To unsubscribe, e-mail:
> <co...@xml.apache.org>
> > > > > For additional commands, e-mail:
> <co...@xml.apache.org>
> > > > >
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > Please check that your question has not already been
> answered in the
> > > > FAQ before posting.
<http://xml.apache.org/cocoon/faq/index.html>
> > >
> > > To unsubscribe, e-mail: <co...@xml.apache.org>
> > > For additional commands, e-mail: <co...@xml.apache.org>
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail: <co...@xml.apache.org>
> > For additional commands, e-mail: <co...@xml.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
Re: SunRise with container managed security...
Posted by Ivelin Ivanov <iv...@apache.org>.
I think a more important feature is to be able to populate the J2EE security
realm with a Principal name and roles, once authenticated through sunrise.
Since sunrise is doing a good job at protecting the URLs, I am not so
concerned about the url constraints in web.xml.
However I would like to have the principal available in the context when
obtaining J2ee resources: Transactions, Datasources, EJBs, JMS, etc.
----- Original Message -----
From: "Carsten Ziegeler" <cz...@s-und-n.de>
To: <co...@xml.apache.org>
Sent: Friday, August 09, 2002 12:52 AM
Subject: RE: SunRise with container managed security...
> Per Kreipke wrote:
> >
> > > I think, two users have reported this on the user list some months
ago.
> > >
> > > Carsten
> >
> > Sorry, meaning what? Someone else mentioned it or did the work to
> > integrate
> > the two? I can't find anything about it on the MARC archive.
> >
> Sorry, I had little time yesterday..so I only wrote short mails...
> Yes, someone mentioned it and integrated it. I don't know how he did it.
>
> Basically, this approach should work:
> The container managed security is outside of Cocoon, so if a protected
> document is called and the request enters Cocoon, the user must be
> authenticatd.
> Otherwise the contained would have denied the access.
>
> Now, you can write an automatically log-in handler for Cocoon.
> For the protected document, test if the usre is already logged-in via
> the handler. If so, serve the document.
> If the user is not logged-in via the handler (but then he is already
> authorized by the container) you can invoke the login-action and write
> an authentication pipeline for the handler which does nothing more
> than getting the user, roles, principles from the container and
> returning them to the handler.
> That's it.
>
> I must confess, that you have to write a simple authentication pipeline
> for it - I think spending 4 hours on it would be enough and you
> have the container integration.
>
> HTH
> Carsten
>
> > I was thinking that one way to do so would be to satisfy the login
request
> > with an XSP page that enumerates the <authentication> block with
> > the values
> > of getRemoteUser(), the roles, etc.
> >
> > Per
> >
> > > > -----Original Message-----
> > > > From: Per Kreipke [mailto:per@onclave.com]
> > > > Sent: Wednesday, August 07, 2002 9:24 PM
> > > > To: cocoon-users@xml.apache.org
> > > > Subject: SunRise with container managed security...
> > > >
> > > >
> > > > I've had the demo code working and gotten the SunRise
> > > > authentication to work
> > > > off static files and am about to try it off a DB.
> > > >
> > > > However, what I'm really interested in, since Cocoon isn't the
> > > > only servlet
> > > > running, is integrating the SunRise components with the Tomcat
> > > Realm based
> > > > security. Has that been done before?
> > > >
> > > > Per
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > Please check that your question has not already been answered in
the
> > > > FAQ before posting.
<http://xml.apache.org/cocoon/faq/index.html>
> > > >
> > > > To unsubscribe, e-mail:
<co...@xml.apache.org>
> > > > For additional commands, e-mail:
<co...@xml.apache.org>
> > > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Please check that your question has not already been answered in the
> > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> > >
> > > To unsubscribe, e-mail: <co...@xml.apache.org>
> > > For additional commands, e-mail: <co...@xml.apache.org>
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail: <co...@xml.apache.org>
> > For additional commands, e-mail: <co...@xml.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
RE: SunRise with container managed security...
Posted by Carsten Ziegeler <cz...@s-und-n.de>.
Per Kreipke wrote:
>
> > I think, two users have reported this on the user list some months ago.
> >
> > Carsten
>
> Sorry, meaning what? Someone else mentioned it or did the work to
> integrate
> the two? I can't find anything about it on the MARC archive.
>
Sorry, I had little time yesterday..so I only wrote short mails...
Yes, someone mentioned it and integrated it. I don't know how he did it.
Basically, this approach should work:
The container managed security is outside of Cocoon, so if a protected
document is called and the request enters Cocoon, the user must be
authenticatd.
Otherwise the contained would have denied the access.
Now, you can write an automatically log-in handler for Cocoon.
For the protected document, test if the usre is already logged-in via
the handler. If so, serve the document.
If the user is not logged-in via the handler (but then he is already
authorized by the container) you can invoke the login-action and write
an authentication pipeline for the handler which does nothing more
than getting the user, roles, principles from the container and
returning them to the handler.
That's it.
I must confess, that you have to write a simple authentication pipeline
for it - I think spending 4 hours on it would be enough and you
have the container integration.
HTH
Carsten
> I was thinking that one way to do so would be to satisfy the login request
> with an XSP page that enumerates the <authentication> block with
> the values
> of getRemoteUser(), the roles, etc.
>
> Per
>
> > > -----Original Message-----
> > > From: Per Kreipke [mailto:per@onclave.com]
> > > Sent: Wednesday, August 07, 2002 9:24 PM
> > > To: cocoon-users@xml.apache.org
> > > Subject: SunRise with container managed security...
> > >
> > >
> > > I've had the demo code working and gotten the SunRise
> > > authentication to work
> > > off static files and am about to try it off a DB.
> > >
> > > However, what I'm really interested in, since Cocoon isn't the
> > > only servlet
> > > running, is integrating the SunRise components with the Tomcat
> > Realm based
> > > security. Has that been done before?
> > >
> > > Per
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Please check that your question has not already been answered in the
> > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> > >
> > > To unsubscribe, e-mail: <co...@xml.apache.org>
> > > For additional commands, e-mail: <co...@xml.apache.org>
> > >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail: <co...@xml.apache.org>
> > For additional commands, e-mail: <co...@xml.apache.org>
> >
> >
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
RE: SunRise with container managed security...
Posted by Per Kreipke <pe...@onclave.com>.
> I think, two users have reported this on the user list some months ago.
>
> Carsten
Sorry, meaning what? Someone else mentioned it or did the work to integrate
the two? I can't find anything about it on the MARC archive.
I was thinking that one way to do so would be to satisfy the login request
with an XSP page that enumerates the <authentication> block with the values
of getRemoteUser(), the roles, etc.
Per
> > -----Original Message-----
> > From: Per Kreipke [mailto:per@onclave.com]
> > Sent: Wednesday, August 07, 2002 9:24 PM
> > To: cocoon-users@xml.apache.org
> > Subject: SunRise with container managed security...
> >
> >
> > I've had the demo code working and gotten the SunRise
> > authentication to work
> > off static files and am about to try it off a DB.
> >
> > However, what I'm really interested in, since Cocoon isn't the
> > only servlet
> > running, is integrating the SunRise components with the Tomcat
> Realm based
> > security. Has that been done before?
> >
> > Per
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail: <co...@xml.apache.org>
> > For additional commands, e-mail: <co...@xml.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>
RE: SunRise with container managed security...
Posted by Carsten Ziegeler <cz...@s-und-n.de>.
I think, two users have reported this on the user list some months ago.
Carsten
> -----Original Message-----
> From: Per Kreipke [mailto:per@onclave.com]
> Sent: Wednesday, August 07, 2002 9:24 PM
> To: cocoon-users@xml.apache.org
> Subject: SunRise with container managed security...
>
>
> I've had the demo code working and gotten the SunRise
> authentication to work
> off static files and am about to try it off a DB.
>
> However, what I'm really interested in, since Cocoon isn't the
> only servlet
> running, is integrating the SunRise components with the Tomcat Realm based
> security. Has that been done before?
>
> Per
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <co...@xml.apache.org>
> For additional commands, e-mail: <co...@xml.apache.org>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <co...@xml.apache.org>
For additional commands, e-mail: <co...@xml.apache.org>