You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Aurélien DEHAY <ad...@zorel.org> on 2005/02/17 11:44:23 UTC
Autologin & auth-fw
Hello.
I'm using auth-fw for user authentication. I'd like to autologin user
who comming with a specific cookie. I supposed it is possible, but I
don't how to do it, as I can't create authentication context from, for
example, the session context transformer.
I can store user/cookie pair in my SQL database, but how can I do the
autologin stuff?
Rgds.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Autologin & auth-fw
Posted by Aurélien DEHAY <ad...@zorel.org>.
Christoph Hermann wrote:
> Aurélien DEHAY schrieb:
[snip]
> Your authentication ressource checks the login. If cookie is set log the
> user in.
> Then you can easily access protected documents.
>
> In your case use your redirect-to to redirect him to a auth-by-cookie
> pipeline, authenticate the user there and redirect to the requested
> ressource (internally) else if cookie is not set redirect to login
> form.
I'm sorry, but I don't understand. Here is my authentication handler conf:
<authentication-manager>
<handlers>
<handler name="myotishandler">
<redirect-to uri="cocoon://llinfo/"/>
<authentication uri="cocoon:raw:/myotis-authenticate"/>
</handler>
</handlers>
</authentication-manager>
I display a form in the cocoon://llinfo/, the form is calling pipeline
which map:call a flowscript like this:
function login() {
var handler = cocoon.parameters["handler"];
if (auth_isAuthenticated(handler)) {
success();
} else if (auth_login(handler, null, cocoon.parameters)) {
success();
} else {
failure();
}
}
The calling of "cocoon:raw:/myotis-authenticate", which does the real
authentication, doing a select in a database, is made by the auth-fw.
I don't really see where I can put the test of the cookie, neither how
to make that user authenticate with that cookie.
Rgds.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Autologin & auth-fw
Posted by Christoph Hermann <ch...@tu-clausthal.de>.
Aurélien DEHAY schrieb:
Hello,
> > In your authentication handler add a check for the Cookie and
> > return a specific userid.
>
> How do I do that? When a resource is protected and the user is not
> authenticated, I redirect him to a "login" page (with the redirect-to
> element in the handler element), but the authentication is made with
> the authentication element. I don't really see where to put the check
> of the cookie.
Your authentication ressource checks the login. If cookie is set log the
user in.
Then you can easily access protected documents.
In your case use your redirect-to to redirect him to a auth-by-cookie
pipeline, authenticate the user there and redirect to the requested
ressource (internally) else if cookie is not set redirect to login
form.
HTH
Christoph
Re: Autologin & auth-fw
Posted by Aurélien DEHAY <ad...@zorel.org>.
Christoph Hermann wrote:
> Aurélien DEHAY schrieb:
>
> Hello,
>
>
>>I'm using auth-fw for user authentication. I'd like to autologin user
>>who comming with a specific cookie. I supposed it is possible, but I
>>don't how to do it, as I can't create authentication context from,
>>for example, the session context transformer.
>>
>>I can store user/cookie pair in my SQL database, but how can I do the
>>autologin stuff?
>
>
> In your authentication handler add a check for the Cookie and return a
> specific userid.
How do I do that? When a resource is protected and the user is not
authenticated, I redirect him to a "login" page (with the redirect-to
element in the handler element), but the authentication is made with the
authentication element. I don't really see where to put the check of the
cookie.
Rgds.
>
> HTH
> Christoph
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Autologin & auth-fw
Posted by Christoph Hermann <ch...@tu-clausthal.de>.
Aurélien DEHAY schrieb:
Hello,
> I'm using auth-fw for user authentication. I'd like to autologin user
> who comming with a specific cookie. I supposed it is possible, but I
> don't how to do it, as I can't create authentication context from,
> for example, the session context transformer.
>
> I can store user/cookie pair in my SQL database, but how can I do the
> autologin stuff?
In your authentication handler add a check for the Cookie and return a
specific userid.
HTH
Christoph