You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cocoon.apache.org by Gerry Kaplan <gk...@kaplansoftware.com> on 2005/09/28 04:53:26 UTC

Sendmail transformer - problem with protected pipeline

Hello Cocoon pundits,

My site is a relatively simple layout:  appname/public/protected.
Authentication is achieved with the authentication manager. Once a user is
authenticated, their userid becomes part of all URIs, for example:

Imweb/public/gkaplan/index.html

The following pipeline generates a PDF report:
<map:match pattern="*/*-print-report">
	<map:generate src="cocoon:/internal/get-report/{1}/{2}.fo"/>
	<map:serialize type="fo2pdf"/>
</map:match>

The first * is the userid, the second is the report-id.

The problem is with the sendmail transformer. The sendmail transformer is
invoked within the authenticated area, and within it, it adds one attachment
as follows:

<email:attachment name="report.pdf" mime-type="application/pdf"
src="cocoon:/gkaplan/reportname-print-report"/>

When the transformer attempts to read the src, it is denied access and
redirected to the login page, thus the results of the src turn into an HTML
representation of my login page. Consequently, I have tried multiple
variations of that URI, and as long as it is trying to access a protected
area of the site, it is denied.

It seems that the transformer is running as a separate user. Does anyone
know much about the sendmail transformer? Your help is greatly appreciated.

Re: Sendmail transformer - problem with protected pipeline

Posted by Bertrand Delacretaz <bd...@apache.org>.

Le 28 sept. 05, à 04:53, Gerry Kaplan a écrit :
> ...I have tried multiple
> variations of that URI, and as long as it is trying to access a 
> protected
> area of the site, it is denied....

You could probably activate more debugging options to see exactly 
what's happening.

A workaround would be to open another access to your report generation 
pipeline, one which does not require authentication but is only 
available to internal requests, for safety, something like:

<map:pipeline internal-only="true">
   <map:match pattern="internal-request/**">
     <map:mount ...path that is usually protected...

at the same level where the authentication manager is configured.

With internal-only="true", this pipeline will not be available from a 
browser, only from cocoon:/ requests.

-Bertrand

Re: Sendmail transformer - problem with protected pipeline

Posted by Philippe Gassmann <ph...@anyware-tech.com>.

Gerry Kaplan wrote:

><email:attachment name="report.pdf" mime-type="application/pdf"
>src="cocoon:/gkaplan/reportname-print-report"/>
>  
>
What you tried is not possible with the version of the 
SendMailTransformer present in the 2.1.7 release. In that release, it 
just transform the cocoon: protocol into a http: external request :(
If you want this to work just use the one present in the current 2.1.x 
branch at the address :
http://svn.apache.org/repos/asf/cocoon/branches/BRANCH_2_1_X/src/blocks/mail/java/org/apache/cocoon/mail/transformation/SendMailTransformer.java

-- 
Philippe GASSMANN
Systèmes d'Information
ANYWARE TECHNOLOGIES
Tel : +33 (0)5 61 00 52 90
Fax : +33 (0)5 61 00 51 46
http://www.anyware-tech.com/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org