Posted to users@cocoon.apache.org by Ralph Lange <ra...@abs.de> on 2005/07/12 18:13:47 UTC

authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

Dear Cocoon Users,

Our setup: cocoon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from
the session, i.e. after having performed the "auth-logout"-action, subsequent
calls to "auth-login" return the protected resource without any question for
username/pw.

This happens with firefox and opera; using konqueror it works fine.

We already had the same problem some weeks ago, and we already wrote on
users@cocoon.apache.org about this problem.
Another user gave us the solution:

You may have to explicitly destroy the session upon logging out. I
experienced a similar problem and it did work for me.
....
<map:act type="session">
  <map:parameter name="action" value="terminate" />
   .....
</map:act>
....

After inserting this snippet, it worked for some weeks. Now, after
having put the sitemap to another location, the old problem occurs.

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange




<map:pipelines>
  <map:component-configurations>
    <authentication-manager>
      <handlers>
        <handler name="portalhandler">
          <redirect-to uri="redirect_document"/>
          <authentication authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
        </handler>
      </handlers>
    </authentication-manager>
  </map:component-configurations>

  <map:pipeline>
    <map:match pattern="alreadylogged">
      <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
      <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
      <map:serialize type="html"/>
    </map:match>

    <map:match pattern="protectedresource">
      <map:act type="auth-protect">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate type="file" src="authentication/protectedresource.xml"/>
        <map:transform type="xslt" src="authentication/protectedresource.xsl"/>
        <map:serialize type="html"/>
      </map:act>
    </map:match>

    <map:match pattern="login">
      <map:act type="auth-loggedIn">
        <map:parameter name="handler" value="portalhandler"/>
        <map:redirect-to uri="alreadylogged"/>
      </map:act>
      <map:act type="auth-login">
        <map:parameter name="handler" value="portalhandler"/>
        <map:parameter name="parameter_name" value="{request-param:name}"/>
        <map:parameter name="parameter_password" value="{request-param:password}"/>
        <map:parameter name="parameter_resource" value="{request-param:resource}"/>
        <map:redirect-to uri="protectedresource"/>
      </map:act>
      <!-- authentication failed: -->
      <map:generate src="authentication/auth_failed.xml"/>
      <map:transform src="authentication/auth_failed.xsl"/>
      <map:serialize/>
    </map:match>

    <map:match pattern="logout">
      <map:act type="session">
        <map:parameter name="action" value="terminate"/>
      </map:act>
      <map:act type="auth-logout">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate src="xml/authentication/auth_logout.xml"/>
        <map:transform src="xsl/authentication/auth_logout.xsl"/>
        <map:serialize/>
      </map:act>
    </map:match>
  </map:pipeline>
</map:pipelines>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

Posted by Andre Juffer <aj...@sun3.oulu.fi>.
Hi Ralph,

I gave you that solution you refer to in your email. The only difference 
I see between what you have and what I have, is the following. In your 
sitemap, you have:

 >    <map:match pattern="logout">
 >       <map:act type="session">
 >       <map:parameter name="action" value="terminate"/>
 >       </map:act>
 >      <map:act type="auth-logout">
 >        <map:parameter name="handler" value="portalhandler"/>
 >    <map:generate src="xml/authentication/auth_logout.xml"/>
 >        <map:transform src="xsl/authentication/auth_logout.xsl"/>
 >        <map:serialize/>
 >      </map:act>
 >    </map:match>
 >  </map:pipeline>
 > </map:pipelines>

However, I have in my sitemap:

       <map:match pattern="do-logout">
         <map:act type="auth-logout">
           <map:parameter name="handler" value="sopashandler"/>
           <map:act type="session">
             <map:parameter name="action" value="terminate" />
             <map:redirect-to uri="index" />
           </map:act>
         </map:act>
       </map:match>

As you can see, I first do the <map:act type="auth-logout">, followed by 
the <map:act type="session">. You have it the other way around. It seems 
logical that you first do the <map:act type="auth-logout"> before you 
kill the session.

Hope that helps,
Andre


-- 
Andre H. Juffer              | Phone: +358-8-553 1161
The Biocenter and            | Fax: +358-8-553-1141
     the Dep. of Biochemistry | Email: Andre.Juffer@oulu.fi
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/index.html
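
The ordering difference Andre points out can be checked mechanically. The following is an added example, not code from the thread or from the Cocoon project: a small Python lint that reports, for every matcher using auth-logout, whether a session "terminate" action appears before it in document order. The sample sitemap is constructed from the two logout matchers quoted above, and treating "terminate first" as a finding follows Andre's suggestion; it is an assumption, not documented Cocoon behaviour.

```python
import xml.etree.ElementTree as ET

MAP = "{http://apache.org/cocoon/sitemap/1.0}"  # Cocoon 2.1 sitemap namespace

# Constructed sample: the two logout matchers from the thread in one sitemap.
SAMPLE = """<map:sitemap xmlns:map="http://apache.org/cocoon/sitemap/1.0">
 <map:pipelines><map:pipeline>
  <map:match pattern="logout">
   <map:act type="session">
    <map:parameter name="action" value="terminate"/>
   </map:act>
   <map:act type="auth-logout">
    <map:parameter name="handler" value="portalhandler"/>
   </map:act>
  </map:match>
  <map:match pattern="do-logout">
   <map:act type="auth-logout">
    <map:parameter name="handler" value="sopashandler"/>
    <map:act type="session">
     <map:parameter name="action" value="terminate"/>
     <map:redirect-to uri="index"/>
    </map:act>
   </map:act>
  </map:match>
 </map:pipeline></map:pipelines>
</map:sitemap>"""


def is_terminate(act):
    """True for <map:act type="session"> with parameter action=terminate."""
    return act.get("type") == "session" and any(
        p.get("name") == "action" and p.get("value") == "terminate"
        for p in act.findall(MAP + "parameter"))


def audit_logout_order(sitemap_xml):
    """Return {pattern: verdict} for every matcher that uses auth-logout."""
    verdicts = {}
    for match in ET.fromstring(sitemap_xml).iter(MAP + "match"):
        acts = list(match.iter(MAP + "act"))  # descendants, document order
        logout = [i for i, a in enumerate(acts) if a.get("type") == "auth-logout"]
        if not logout:
            continue  # matcher does not log anyone out
        term = [i for i, a in enumerate(acts) if is_terminate(a)]
        verdicts[match.get("pattern")] = (
            "no-session-terminate" if not term
            else "terminate-before-auth-logout" if min(term) < min(logout)
            else "ok")
    return verdicts
```

Calling audit_logout_order(SAMPLE) flags Ralph's "logout" matcher and passes Andre's "do-logout" matcher.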
