Posted to users@cocoon.apache.org by Ralph Lange <ra...@abs.de> on 2005/06/03 15:44:35 UTC

authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

Dear Cocoon Users,

Our setup: Cocoon 2.1.5.1, Tomcat 5.5.4, JDK 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
Firefox and IE 6: logout does not properly remove the authentication
from the session, i.e. after the "auth-logout" action has been performed,
subsequent calls to "auth-login" return the protected resource without
asking for username/password.

This happens with Firefox and IE 6; with Konqueror it works fine.
Does anyone know what is happening?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange




<!--
  Sitemap excerpt: one authentication handler ("portalhandler") plus four
  matchers (alreadylogged, protectedresource, login, logout) built on the
  auth-protect, auth-loggedIn, auth-login and auth-logout actions.
-->
<map:pipelines>
  <map:component-configurations>
    <authentication-manager>
      <handlers>
        <handler name="portalhandler">
          <!-- Redirect target of the handler; no matcher for
               "redirect_document" appears in this excerpt. -->
          <redirect-to uri="redirect_document"/>
          <!-- Custom Authenticator implementation performs the credential check. -->
          <authentication authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
        </handler>
      </handlers>
    </authentication-manager>
  </map:component-configurations>

  <map:pipeline>
    <!-- Page shown to a user who is already authenticated. -->
    <map:match pattern="alreadylogged">
      <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
      <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
      <map:serialize type="html"/>
    </map:match>

    <!-- The page is produced only inside auth-protect, i.e. only for a
         request that is authenticated against "portalhandler".
         NOTE(review): no cache headers are set in this excerpt; if the
         browser may cache this response it can re-display the page after
         logout without contacting the server. Confirm the Cache-Control
         headers sent for protected pages. -->
    <map:match pattern="protectedresource">
      <map:act type="auth-protect">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate type="file" src="authentication/protectedresource.xml"/>
        <map:transform type="xslt" src="authentication/protectedresource.xsl"/>
        <map:serialize type="html"/>
      </map:act>
    </map:match>

    <map:match pattern="login">
      <!-- Already authenticated: skip the login and show the notice page. -->
      <map:act type="auth-loggedIn">
        <map:parameter name="handler" value="portalhandler"/>
        <map:redirect-to uri="alreadylogged"/>
      </map:act>
      <!-- Name, password and resource are read from request parameters.
           NOTE(review): submit the login form with POST over HTTPS so the
           password does not end up in URLs, browser history or access logs.
           The "resource" value comes straight from the request; how
           MyAuthenticator uses it is not shown, so validate it there. -->
      <map:act type="auth-login">
        <map:parameter name="handler" value="portalhandler"/>
        <map:parameter name="parameter_name" value="{request-param:name}"/>
        <map:parameter name="parameter_password" value="{request-param:password}"/>
        <map:parameter name="parameter_resource" value="{request-param:resource}"/>
        <map:redirect-to uri="protectedresource"/>
      </map:act>
      <!-- Fallback when auth-login did not succeed: render the failure page. -->
      <map:generate src="authentication/auth_failed.xml"/>
      <map:transform src="authentication/auth_failed.xsl"/>
      <map:serialize/>
    </map:match>

    <!-- auth-logout is given only the handler name.
         NOTE(review): confirm that the servlet session is really
         invalidated after this action in the deployed Cocoon version
         (the action is believed to take a "mode" parameter that controls
         session termination; verify against the 2.1.5.1 documentation).
         Authentication state that survives logout lets the next user of
         the same browser reach protected pages. -->
    <map:match pattern="logout">
      <map:act type="auth-logout">
        <map:parameter name="handler" value="portalhandler"/>
        <map:generate src="authentication/auth_logout.xml"/>
        <map:transform src="authentication/auth_logout.xsl"/>
        <map:serialize/>
      </map:act>
    </map:match>
  </map:pipeline>
</map:pipelines>




Re: authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

Posted by Andre Juffer <An...@oulu.fi>.
Ralph,

You may have to explicitly destroy the session upon logging out. I
experienced a similar problem and this worked for me.

....
<!-- Fragment suggested for the logout matcher: a "session" action called
     with action="terminate", meant to end the servlet session so that no
     authentication state is left behind after logout.
     NOTE(review): the elided body and the declaration of the "session"
     action are not shown here; confirm the action is declared in the
     sitemap, and that no protected page is served from the browser cache
     once the session is gone. -->
<map:act type="session">
   <map:parameter name="action" value="terminate" />
    .....
</map:act>
...


Andre.


Ralph Lange wrote:
> Dear Cocoon Users,
> 
> Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0
> 
> We are using the cocoon authentication framework to protect
> some pipelines from public access. Our prototype setup resembles
> the examples closely. We implemented the Authenticator-interface
> to use our own authentication adapter (DB access, logging, etc.)
> 
> We experience the following problem when logging in and out with
> firefox and ie6. Logout does not remove the authentication properly from 
> the session,
> i.e. after having performed the "auth-logout"-action subsequent calls to
> "auth-login" return the protected resource without any question for 
> username/pw.
> 
> This happens to appear with firefox, ie6, using konqueror it works fine.
> Does anyone of you know what happens?
> 
> Below are the relevant sitemap snippets.
> 
> Any help is kindly appreciated,
> Ralph Lange
> 
> 
> 
> 
> <map:pipelines>
>  <map:component-configurations>
>      <authentication-manager>
>          <handlers>
>            <handler name="portalhandler">
>                  <redirect-to uri="redirect_document"/>
>                  <authentication 
> authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
>               </handler>
>      </handlers>
>    </authentication-manager>
>  </map:component-configurations>
> 
> <map:pipeline>
>   <map:match pattern="alreadylogged">
>      <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
>      <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
>      <map:serialize type="html"/>
>    </map:match>
> 
>   <map:match pattern="protectedresource">
>      <map:act type="auth-protect">
>    <map:parameter name="handler" value="portalhandler"/>
>      <map:generate type="file" src="authentication/protectedresource.xml"/>
>      <map:transform type="xslt" 
> src="authentication/protectedresource.xsl"/>
>      <map:serialize type="html"/>
>      </map:act>
>    </map:match>
>      <map:match pattern="login">
>      <map:act type="auth-loggedIn">
>          <map:parameter name="handler" value="portalhandler"/>
>          <map:redirect-to uri="alreadylogged"/>
>      </map:act>
>      <map:act type="auth-login">
>        <map:parameter name="handler" value="portalhandler"/>
>        <map:parameter name="parameter_name" value="{request-param:name}"/>
>        <map:parameter name="parameter_password" 
> value="{request-param:password}"/>
>        <map:parameter name="parameter_resource" 
> value="{request-param:resource}"/>
>    <map:redirect-to uri="protectedresource"/>
>      </map:act>
>      <!-- authentication failed: -->
>      <map:generate src="authentication/auth_failed.xml"/>
>      <map:transform src="authentication/auth_failed.xsl"/>
>      <map:serialize/>
>    </map:match>
>      <map:match pattern="logout">
>      <map:act type="auth-logout">
>        <map:parameter name="handler" value="portalhandler"/>
>    <map:generate src="authentication/auth_logout.xml"/>
>        <map:transform src="authentication/auth_logout.xsl"/>
>        <map:serialize/>
>      </map:act>
>    </map:match>
>   </map:pipeline>
>  </map:pipelines>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 


-- 
Andre H. Juffer              | Phone: +358-8-553 1161
The Biocenter and            | Fax: +358-8-553-1141
     the Dep. of Biochemistry | Email: Andre.Juffer@oulu.fi
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/
