Posted to users@cocoon.apache.org by Sebastien Arbogast <se...@gmail.com> on 2005/04/28 18:46:24 UTC

Authentication alternatives

Hi,

I'm trying to implement some authentication on my Cocoon application
and I find the authentication framework a bit complicated and not very
clean with all those roundtrips between flow and sitemap. I mean, it's
certainly adapted to generic situations but I'd like to be sure it's
the best available solution before preparing myself for a headache (I
can already feel it coming :-P).
So knowing that all my application is made with JX+flow over a Spring
structure (which contains user data), has anyone successfully
implemented a simpler authentication management or is auth-fw the only
solution?

Thx in advance

-- 
Sebastien ARBOGAST

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: Authentication alternatives

Posted by Sebastien Arbogast <se...@gmail.com>.
Ok, I've managed to set up my authentication mechanism with session
context thanks to you, Nacho.
But I still have a little problem getting data from the session context
using the session transformer.
When my user is authenticated, I create a "schaman" session context
(the name of my application) and I set the "/user/name" attribute to
the name of the user and I display a home page with a welcome message:

<content title="home" xmlns:i18n="http://apache.org/cocoon/i18n/2.1"
    xmlns:jx="http://apache.org/cocoon/templates/jx/1.0"
    xmlns:session="http://apache.org/cocoon/session/1.0">
    <div>
        <i18n:translate>
            <i18n:text key="welcome_message"/>
            <i18n:param><session:getxml context="schaman" path="/user/name">test</session:getxml></i18n:param>
        </i18n:translate>
    </div>
</content>

And in the pipeline I call the session transformer, of course, but then
"test" is always displayed instead of the real user's name.

Do you have an idea?

Thx in advance.
-- 
Sebastien ARBOGAST



Re: Authentication alternatives

Posted by Nacho Jimenez <na...@gmail.com>.
Wooopsie!

Sorry, forget about "site", the correct line should say

         if (contextManager.existsContext("mycontext"))

My Cocoon application uses a kind of home-made virtual system and
handles several different websites, so I keep a different context for
each one of them. I cleaned the functions before sending them to you,
but I forgot to clean that line. :)

Sorry


2005/5/2, Sebastien Arbogast <se...@gmail.com>:
> > If you want to use the session framework, it's much more complicated...
> > Here's an example of two wrapper functions to get and set a string in
> > a path inside the session framework. Pay attention to two things: a
> > session can have many different contexts (for different kinds of data,
> > etc.), and to locate data, you use xpath. If a context is not defined
> > and you try to access it, it'll throw an exception, so be careful.
> >
> > function setData(path,value) {
> >         var contextManager=cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
> >         var myContext;
> >         if (contextManager.existsContext(site))
> >                 myContext=contextManager.getContext("mycontext");
> >         else myContext=contextManager.createContext("mycontext","","");
> >         myContext.setAttribute(path,value);
> >         cocoon.releaseComponent(contextManager);
> > }
> 
> I'm trying to use Nacho's two wrapper functions but there is just one
> thing I don't understand: what does the "site" parameter stand for in
> the call to contextManager.existsContext(site)? Where does its value come
> from?
> 
> Thx in advance...
> 
> --
> Sebastien ARBOGAST
> 


Re: Authentication alternatives

Posted by Sebastien Arbogast <se...@gmail.com>.
> If you want to use the session framework, it's much more complicated...
> Here's an example of two wrapper functions to get and set a string in
> a path inside the session framework. Pay attention to two things: a
> session can have many different contexts (for different kinds of data,
> etc.), and to locate data, you use xpath. If a context is not defined
> and you try to access it, it'll throw an exception, so be careful.
> 
> function setData(path,value) {
>         var contextManager=cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
>         var myContext;
>         if (contextManager.existsContext(site))
>                 myContext=contextManager.getContext("mycontext");
>         else myContext=contextManager.createContext("mycontext","","");
>         myContext.setAttribute(path,value);
>         cocoon.releaseComponent(contextManager);
> }

I'm trying to use Nacho's two wrapper functions but there is just one
thing I don't understand: what does the "site" parameter stand for in
the call to contextManager.existsContext(site)? Where does its value come
from?

Thx in advance...

-- 
Sebastien ARBOGAST



Re: Authentication alternatives

Posted by Nacho Jimenez <na...@gmail.com>.
> I'm trying to implement some authentication on my Cocoon application
> and I find the authentication framework a bit complicated and not very
> clean with all those roundtrips between flow and sitemap. I mean, it's
> certainly adapted to generic situations but I'd like to be sure it's
> the best available solution before preparing myself for a headache (I
> can already feel it coming :-P).
> So knowing that all my application is made with JX+flow over a Spring
> structure (which contains user data), has anyone successfully
> implemented a simpler authentication management or is auth-fw the only
> solution?

For a simpler solution, you could use the container as the
authenticator (look for AuthWithTomcat in the wiki), but you won't get
much flexibility. And you can also make your own authentication
functions (for flowscript) or actions, but the authenticator framework
works fine after the first couple of headaches, and making new
authenticators in Java is pretty easy once you get started. I have a
"LDAPAuthenticator" working, and it took me a couple of hours. If you
want the code, just ask.

BTW: For my next project I want to authenticate/authorize using
certificates. I've done it before in Tomcat, but never tried anything
like that in Cocoon. Has anyone done it before? Any advice for the road
ahead?

P.S.: Completely off-topic for the curious minds. Right now, Gmail's
"AdSense" is showing me "Feeling Rejected", "Pregnancy Exercise Guide"
and "Period wile pregnant" links... Wonder which words from Sebastien's
mail triggered those ads. :D



Re: Authentication alternatives

Posted by Sebastien Arbogast <se...@gmail.com>.
Thanks to Nacho, I created a few authentication methods which are
quite simple both to use and to understand. In the sitemap, when a
protected resource is requested, the requestProtectedResource flowscript
function is called:

<map:match pattern="*">
    <map:call function="requestProtectedResource">
        <map:parameter name="protected-resource" value="{1}"/>
    </map:call>
</map:match>

And here are the corresponding flowscript methods (with calls to
Spring services behind to do the business stuff) :

function requestProtectedResource(){
    var protectedResource = cocoon.parameters["protected-resource"];
    
    if(authenticated()){
        accessProtectedResource(protectedResource);
    }
    else{
        login(protectedResource);
    }
}
 
function authenticated(){
    return cocoon.session.username != null;
}
 
function accessProtectedResource(protectedResource){
    //System.out.println("accessing " + protectedResource + "...");
    if(authorized(protectedResource)){
        if(protectedResource == null) cocoon.sendPage("");
        else cocoon.sendPage("views/" + protectedResource);
    }
    else{
        cocoon.sendPage("views/message",{message : "not-authorized",type:"error"});
    }
}
 
function authorized(protectedResource){
    //System.out.println("authorized for " + protectedResource + " ?");
    getSites();
    var username = cocoon.session.getAttribute("username");
    return sites.checkAuthorization(username,protectedResource);
}
 
function login(protectedResource){
    getUsers();
    var form = new Form("forms/login_d.xml");
    form.showForm("forms/login");
    var model = form.getModel();
    var user = users.authenticateUser(
        model.username,model.password
    );
    if(user != null){
        cocoon.session.setAttribute("username",user.getName());
        accessProtectedResource(protectedResource);
    }
    else{
        cocoon.sendPage("views/incorrect-login");
    }
}

function logout(){
    cocoon.session.removeAttribute("username");
    cocoon.sendPage("");
}

It's not very generic and I need to run a few "monkey tests" and use
the Session framework instead of rough session but it gives a general idea
of what can be done without the authentication framework when you have a
clean business layer.

When I finish those tests I'll have a look at CoWarp.

-- 
Sebastien ARBOGAST
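
Added example, not part of the original post: an offline harness that runs the decision order described above (authenticate, then authorize, then serve the view) over every combination of session state, login attempt and resource, and reports any case where a view is served to a caller the access list does not allow. The `handle` function, the stub `users` and `sites` services and the sample accounts are assumptions standing in for the Cocoon flowscript and the Spring services.

```javascript
// Constructed sample data standing in for the Spring-backed services.
const ACCOUNTS = new Map([["alice", "a-pass"], ["bob", "b-pass"]]);
const ACL = new Map([["alice", ["reports", "admin"]], ["bob", ["reports"]]]);

const users = {
  authenticateUser: (name, password) =>
    ACCOUNTS.has(name) && ACCOUNTS.get(name) === password ? { name } : null,
};
const sites = {
  checkAuthorization: (name, resource) =>
    (ACL.get(name) || []).includes(resource),
};

// Hypothetical stand-in for the flowscript gate, same decision order:
// authenticate first, then authorize, and only then serve the view.
function handle(session, resource, credentials) {
  if (session.username == null) {
    if (!credentials) return { page: "forms/login" };
    const user = users.authenticateUser(credentials.username, credentials.password);
    if (user == null) return { page: "views/incorrect-login" };
    session.username = user.name;
  }
  if (!sites.checkAuthorization(session.username, resource)) {
    return { page: "views/message", message: "not-authorized" };
  }
  return { page: "views/" + resource };
}

// Exhaustive check: a view may be served only to a caller the ACL allows.
function findViolations() {
  const resources = ["reports", "admin", "unknown"];
  const sessions = [null, "alice", "bob", "mallory"];
  const logins = [null, { username: "alice", password: "a-pass" },
    { username: "bob", password: "wrong" }, { username: "bob", password: "b-pass" },
    { username: "mallory", password: undefined }];
  const violations = [];
  for (const resource of resources) for (const who of sessions) for (const login of logins) {
    const session = { username: who };
    const served = handle(session, resource, login).page === "views/" + resource;
    // Independent oracle: work out the caller from the inputs, not from the gate.
    const valid = login && ACCOUNTS.has(login.username) &&
      ACCOUNTS.get(login.username) === login.password;
    const caller = who ?? (valid ? login.username : null);
    const allowed = caller !== null && (ACL.get(caller) || []).includes(resource);
    if (served && !allowed) violations.push({ resource, who, login });
  }
  return violations;
}
```

An empty result from `findViolations()` means no combination in the matrix reached a protected view without passing both checks; the unknown account with an undefined password exercises the case where a missing entry must not compare equal to a missing password.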



Re: Authentication alternatives

Posted by Jens Maukisch <co...@maukisch.net>.
Hi,

> So knowing that all my application is made with JX+flow over a Spring
> structure (which contains user data), has anyone successfully
> implemented a simpler authentication management or is auth-fw the only
> solution?

Maybe you should have a look at CoWarp
(http://osoco.sourceforge.net/cowarp/) which is more or less a
new/improved version of the authentication framework.

-- 
* best regards
* Jens Maukisch              

