You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Upayavira <uv...@upaya.co.uk> on 2003/09/17 10:49:46 UTC
Flow & Auth-fw sample
I have committed a partly working auth-fw/flow sample. I think it is
basically there, but I am gettting stuck with:
SessionManager.streamContextFragment: Context 'authentication' not found.
I've never used the session manager (nor sessions for that matter), so
I'm a bit out of my depth. Could one of you take a look and see if you
can see how to make it work?
[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon
sets the 'session' value to false, so there appears to be no way to do a
session aware redirect from flow].
Regards, Upayavira
Re: Flow & Auth-fw sample
Posted by Upayavira <uv...@upaya.co.uk>.
Carsten Ziegeler wrote:
>Upayavira wrote:
>
>
>>I have committed a partly working auth-fw/flow sample. I think it is
>>basically there, but I am gettting stuck with:
>>
>>SessionManager.streamContextFragment: Context 'authentication' not found.
>>
>>I've never used the session manager (nor sessions for that matter), so
>>I'm a bit out of my depth. Could one of you take a look and see if you
>>can see how to make it work?
>>
>>[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon
>>sets the 'session' value to false, so there appears to be no way to do a
>>session aware redirect from flow].
>>
>>
>>
>I haven't looked at your code/sample yet, but I can try to explain some
>parts: after a successful authentication, the authentication context
>is stored in the session; so if you have a redirect (or a link) that does
>not preserve the session than the user is not authenticated any more
>and that could lead to the message from above.
>
>In addition, to get information from the authentication context, you
>have usually to tell the authentication framework which handler to
>use. This is done by the auth-protect action. As long as this
>action hasn't been activated in the current request, the context
>is not available. You need a similar thing in flow as well.
>
Ah. I hadn't used the auth-protect code, cos I couldn't understand what
it was for. I'll look into that and get back to you.
>Perhaps I have time to look at your example over the weekend.
>
>
Leave it to me for now and I'll get back to you if I have problems (that
way you'll only have 5999 messages to worry about).
Regards, Upayavira
Re: Flow & Auth-fw sample
Posted by Upayavira <uv...@upaya.co.uk>.
Carsten,
It now seems to work. Thanks for that.
The checkAuthentication() method needs to be passed a redirector. I
don't think you can get hold of one of them in the flow. I have
therefore changed it so that the checkAuthentication method works if the
redirector is null, and added a getForwardingURI to the
DefaultAuthenticationManager which the flow checkAuthentication method
can use to get the redirection URI, and then call cocoon.redirectTo on it.
The FOM needs modifying to allow session aware redirects. Do we need a vote?
I've now just got to do some tidying up, and I'll commit a working version.
Thanks for your help.
Regards, Upayavira
Carsten Ziegeler wrote:
>Upayavira wrote:
>
>
>>I have committed a partly working auth-fw/flow sample. I think it is
>>basically there, but I am gettting stuck with:
>>
>>SessionManager.streamContextFragment: Context 'authentication' not found.
>>
>>I've never used the session manager (nor sessions for that matter), so
>>I'm a bit out of my depth. Could one of you take a look and see if you
>>can see how to make it work?
>>
>>[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon
>>sets the 'session' value to false, so there appears to be no way to do a
>>session aware redirect from flow].
>>
>>
>>
>I haven't looked at your code/sample yet, but I can try to explain some
>parts: after a successful authentication, the authentication context
>is stored in the session; so if you have a redirect (or a link) that does
>not preserve the session than the user is not authenticated any more
>and that could lead to the message from above.
>
>In addition, to get information from the authentication context, you
>have usually to tell the authentication framework which handler to
>use. This is done by the auth-protect action. As long as this
>action hasn't been activated in the current request, the context
>is not available. You need a similar thing in flow as well.
>
>Perhaps I have time to look at your example over the weekend.
>
>Carsten
>
>
>
RE: Flow & Auth-fw sample
Posted by Carsten Ziegeler <cz...@s-und-n.de>.
Upayavira wrote:
>
> I have committed a partly working auth-fw/flow sample. I think it is
> basically there, but I am gettting stuck with:
>
> SessionManager.streamContextFragment: Context 'authentication' not found.
>
> I've never used the session manager (nor sessions for that matter), so
> I'm a bit out of my depth. Could one of you take a look and see if you
> can see how to make it work?
>
> [The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon
> sets the 'session' value to false, so there appears to be no way to do a
> session aware redirect from flow].
>
I haven't looked at your code/sample yet, but I can try to explain some
parts: after a successful authentication, the authentication context
is stored in the session; so if you have a redirect (or a link) that does
not preserve the session than the user is not authenticated any more
and that could lead to the message from above.
In addition, to get information from the authentication context, you
have usually to tell the authentication framework which handler to
use. This is done by the auth-protect action. As long as this
action hasn't been activated in the current request, the context
is not available. You need a similar thing in flow as well.
Perhaps I have time to look at your example over the weekend.
Carsten