Flow & Auth-fw sample

[Upayavira <uv...@upaya.co.uk>]

I have committed a partly working auth-fw/flow sample. I think it is 
basically there, but I am gettting stuck with:

SessionManager.streamContextFragment: Context 'authentication' not found.

I've never used the session manager (nor sessions for that matter), so 
I'm a bit out of my depth. Could one of you take a look and see if you 
can see how to make it work?

[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon 
sets the 'session' value to false, so there appears to be no way to do a 
session aware redirect from flow].

Regards, Upayavira

Re: Flow & Auth-fw sample

[Upayavira <uv...@upaya.co.uk>]

Carsten Ziegeler wrote:

>Upayavira wrote:
>  
>
>>I have committed a partly working auth-fw/flow sample. I think it is 
>>basically there, but I am gettting stuck with:
>>
>>SessionManager.streamContextFragment: Context 'authentication' not found.
>>
>>I've never used the session manager (nor sessions for that matter), so 
>>I'm a bit out of my depth. Could one of you take a look and see if you 
>>can see how to make it work?
>>
>>[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon 
>>sets the 'session' value to false, so there appears to be no way to do a 
>>session aware redirect from flow].
>>
>>    
>>
>I haven't looked at your code/sample yet, but I can try to explain some
>parts: after a successful authentication, the authentication context
>is stored in the session; so if you have a redirect (or a link) that does
>not preserve the session than the user is not authenticated any more
>and that could lead to the message from above.
>
>In addition, to get information from the authentication context, you
>have usually to tell the authentication framework which handler to
>use. This is done by the auth-protect action. As long as this
>action hasn't been activated in the current request, the context
>is not available. You need a similar thing in flow as well.
>
Ah. I hadn't used the auth-protect code, cos I couldn't understand what 
it was for. I'll look into that and get back to you.

>Perhaps I have time to look at your example over the weekend.
>  
>
Leave it to me for now and I'll get back to you if I have problems (that 
way you'll only have 5999 messages to worry about).

Regards, Upayavira

Re: Flow & Auth-fw sample

[Upayavira <uv...@upaya.co.uk>]

Carsten,

It now seems to work. Thanks for that.

The checkAuthentication() method needs to be passed a redirector. I 
don't think you can get hold of one of them in the flow. I have 
therefore changed it so that the checkAuthentication method works if the 
redirector is null, and added a getForwardingURI to the 
DefaultAuthenticationManager which the flow checkAuthentication method 
can use to get the redirection URI, and then call cocoon.redirectTo on it.

The FOM needs modifying to allow session aware redirects. Do we need a vote?

I've now just got to do some tidying up, and I'll commit a working version.

Thanks for your help.

Regards, Upayavira

Carsten Ziegeler wrote:

>Upayavira wrote:
>  
>
>>I have committed a partly working auth-fw/flow sample. I think it is 
>>basically there, but I am gettting stuck with:
>>
>>SessionManager.streamContextFragment: Context 'authentication' not found.
>>
>>I've never used the session manager (nor sessions for that matter), so 
>>I'm a bit out of my depth. Could one of you take a look and see if you 
>>can see how to make it work?
>>
>>[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon 
>>sets the 'session' value to false, so there appears to be no way to do a 
>>session aware redirect from flow].
>>
>>    
>>
>I haven't looked at your code/sample yet, but I can try to explain some
>parts: after a successful authentication, the authentication context
>is stored in the session; so if you have a redirect (or a link) that does
>not preserve the session than the user is not authenticated any more
>and that could lead to the message from above.
>
>In addition, to get information from the authentication context, you
>have usually to tell the authentication framework which handler to
>use. This is done by the auth-protect action. As long as this
>action hasn't been activated in the current request, the context
>is not available. You need a similar thing in flow as well.
>
>Perhaps I have time to look at your example over the weekend.
>
>Carsten
>
>  
>

RE: Flow & Auth-fw sample

[Carsten Ziegeler <cz...@s-und-n.de>]

Upayavira wrote:
> 
> I have committed a partly working auth-fw/flow sample. I think it is 
> basically there, but I am gettting stuck with:
> 
> SessionManager.streamContextFragment: Context 'authentication' not found.
> 
> I've never used the session manager (nor sessions for that matter), so 
> I'm a bit out of my depth. Could one of you take a look and see if you 
> can see how to make it work?
> 
> [The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon 
> sets the 'session' value to false, so there appears to be no way to do a 
> session aware redirect from flow].
> 
I haven't looked at your code/sample yet, but I can try to explain some
parts: after a successful authentication, the authentication context
is stored in the session; so if you have a redirect (or a link) that does
not preserve the session than the user is not authenticated any more
and that could lead to the message from above.

In addition, to get information from the authentication context, you
have usually to tell the authentication framework which handler to
use. This is done by the auth-protect action. As long as this
action hasn't been activated in the current request, the context
is not available. You need a similar thing in flow as well.

Perhaps I have time to look at your example over the weekend.

Carsten