You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Aurélien DEHAY <ad...@zorel.org> on 2005/02/17 11:44:23 UTC

Autologin & auth-fw

Hello.

I'm using auth-fw for user authentication. I'd like to autologin user 
who comming with a specific cookie. I supposed it is possible, but I 
don't how to do it, as I can't create authentication context from, for 
example, the session context transformer.

I can store user/cookie pair in my SQL database, but how can I do the 
autologin stuff?

Rgds.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Autologin & auth-fw

Posted by Aurélien DEHAY <ad...@zorel.org>.

Christoph Hermann wrote:
> Aurélien DEHAY schrieb:
[snip]
> Your authentication ressource checks the login. If cookie is set log the 
> user in.
> Then you can easily access protected documents.
> 
> In your case use your redirect-to to redirect him to a auth-by-cookie 
> pipeline, authenticate the user there and redirect to the requested 
> ressource (internally) else if cookie is not set redirect to login 
> form.

I'm sorry, but I don't understand. Here is my authentication handler conf:

<authentication-manager>
   <handlers>
     <handler name="myotishandler">
       <redirect-to uri="cocoon://llinfo/"/>
       <authentication uri="cocoon:raw:/myotis-authenticate"/>
     </handler>
   </handlers>
</authentication-manager>

I display a form in the cocoon://llinfo/, the form is calling pipeline 
which map:call a flowscript like this:

function login() {
     var handler = cocoon.parameters["handler"];

     if (auth_isAuthenticated(handler)) {
         success();
     } else if (auth_login(handler, null, cocoon.parameters)) {
         success();
     } else {
         failure();
     }
}

The calling of "cocoon:raw:/myotis-authenticate", which does the real 
authentication, doing a select in a database, is made by the auth-fw.

I don't really see where I can put the test of the cookie, neither how 
to make that user authenticate with that cookie.

Rgds.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Autologin & auth-fw

Posted by Christoph Hermann <ch...@tu-clausthal.de>.

Aurélien DEHAY schrieb:

Hello,

> > In your authentication handler add a check for the Cookie and
> > return a specific userid.
>
> How do I do that? When a resource is protected and the user is not
> authenticated, I redirect him to a "login" page (with the redirect-to
> element in the handler element), but the authentication is made with
> the authentication element. I don't really see where to put the check
> of the cookie.

Your authentication ressource checks the login. If cookie is set log the 
user in.
Then you can easily access protected documents.

In your case use your redirect-to to redirect him to a auth-by-cookie 
pipeline, authenticate the user there and redirect to the requested 
ressource (internally) else if cookie is not set redirect to login 
form.

HTH
Christoph

Re: Autologin & auth-fw

Posted by Aurélien DEHAY <ad...@zorel.org>.

Christoph Hermann wrote:
> Aurélien DEHAY schrieb:
> 
> Hello,
> 
> 
>>I'm using auth-fw for user authentication. I'd like to autologin user
>>who comming with a specific cookie. I supposed it is possible, but I
>>don't how to do it, as I can't create authentication context from,
>>for example, the session context transformer.
>>
>>I can store user/cookie pair in my SQL database, but how can I do the
>>autologin stuff?
> 
> 
> In your authentication handler add a check for the Cookie and return a 
> specific userid.

How do I do that? When a resource is protected and the user is not 
authenticated, I redirect him to a "login" page (with the redirect-to 
element in the handler element), but the authentication is made with the 
authentication element. I don't really see where to put the check of the 
cookie.

Rgds.

> 
> HTH
> Christoph


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

Re: Autologin & auth-fw

Posted by Christoph Hermann <ch...@tu-clausthal.de>.

Aurélien DEHAY schrieb:

Hello,

> I'm using auth-fw for user authentication. I'd like to autologin user
> who comming with a specific cookie. I supposed it is possible, but I
> don't how to do it, as I can't create authentication context from,
> for example, the session context transformer.
>
> I can store user/cookie pair in my SQL database, but how can I do the
> autologin stuff?

In your authentication handler add a check for the Cookie and return a 
specific userid.

HTH
Christoph