You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Magnus Haraldsen Amundsen <Ma...@computas.com> on 2008/08/12 13:29:05 UTC

Cocoon Authentication

Hi,

We use the Coocoon authentication block in our web app through the following dependency in our pom.xml:

<dependency>
  <groupId>org.apache.cocoon</groupId>
  <artifactId>cocoon-auth-impl</artifactId>
  <version>1.0.0</version>
</dependency>

In our Spring configuration we have declated a simple security handler and a standard application:

<bean name="org.apache.cocoon.auth.SecurityHandler/Sublima"
      class="com.computas.sublima.app.controller.admin.LoginController"
      scope="singleton">
</bean>

<bean name="org.apache.cocoon.auth.Application/Sublima"
      class="org.apache.cocoon.auth.impl.StandardApplication"
      scope="singleton">
  <property name="securityHandler" ref="org.apache.cocoon.auth.SecurityHandler/Sublima"/>
</bean>

This is used in the sitemap in the following way:

<map:match pattern="do-login">
  <map:act type="cauth-login">
    <map:parameter name="application" value="Sublima"/>
    <map:parameter name="name" value="{request-param:username}"/>
    <map:parameter name="password" value="{request-param:password}"/>
    <map:redirect-to uri="admin"/>
  </map:act>
  <map:redirect-to uri="{request:contextPath}/login"/>
</map:match>

The Java code to handle the login is as follows (snippet): http://pastebin.com/m77ef2312

When ie. the username does not exist, the code throws an AuthenticationException and the stacktrace is presented to the user. We want the user to be directed back to the login page with the exception message as an text explaining what went wrong. How do we do this?

- Magnus




IMPORTANT NOTICE:
This message may contain confidential information. 
If you have received this e-mail in error, do not use, copy or 
distribute it. Do not open any attachments. Delete it immediately from
your system and notify the sender promptly by e-mail that you 
have done so. Thank you.

Re: Cocoon Authentication

Posted by Joerg Heinicke <jo...@gmx.de>.

Magnus Haraldsen Amundsen <Magnus.Haraldsen.Amundsen <at> computas.com> writes:

> We use the Coocoon authentication block in our web app through the following
> dependency in our pom.xml:

> In our Spring configuration we have declated a simple security handler and a
> standard application:

> This is used in the sitemap in the following way:
> <map:match pattern="do-login">
>   <map:act type="cauth-login">
>     <map:parameter name="application" value="Sublima"/>
>     <map:parameter name="name" value="{request-param:username}"/>
>     <map:parameter name="password" value="{request-param:password}"/>
>     <map:redirect-to uri="admin"/>
>   </map:act>
>   <map:redirect-to uri="{request:contextPath}/login"/>
> </map:match>
> The Java code to handle the login is as follows (snippet):
> http://pastebin.com/m77ef2312
> When ie. the username does not exist, the code throws an
> AuthenticationException and the stacktrace is presented to the user. We want
> the user to be directed back to the login page with the exception message as
> an text explaining what went wrong. How do we do this?

Take a look at Cocoon's error handling [1]. You can "catch" this particular
exception in the error handlers block and do pretty much whatever you want with
it. A plain redirect would probably not work for you since you would lose the
information from the exception, but you can store it somewhere (e.g. as request
attribute) and grab it in the login page.

Joerg

[1] http://cocoon.apache.org/2.2/core-modules/core/2.2/1379_1_1.html


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org