You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by Neeme Praks <ne...@one.lv> on 2000/06/01 22:48:57 UTC
RE: Simpleton Sitemap question
> -----Original Message-----
> From: Stefano Mazzocchi [mailto:stefano@apache.org]
> Sent: Wednesday, May 31, 2000 12:38 PM
>
> Good question.
>
> The sitemap will allow you to "mimic" a complete web serving
> environment. In fact, you could map your own web site root to
> Cocoon and
> let it handle the whole thing, including static files, redirection and
> authorization (authentication will be done at web server or servlet
> engine level).
>
> This is how you would achieve it. (in theory, anyway, there are still
> some holes in the picture).
what are the holes? I'm just curious, and maybe others on the list could
also help to fill in these holes ;-)
Neeme
Re: Simpleton Sitemap question
Posted by Stefano Mazzocchi <st...@apache.org>.
Neeme Praks wrote:
>
> > -----Original Message-----
> > From: Stefano Mazzocchi [mailto:stefano@apache.org]
> > Sent: Wednesday, May 31, 2000 12:38 PM
> >
> > Good question.
> >
> > The sitemap will allow you to "mimic" a complete web serving
> > environment. In fact, you could map your own web site root to
> > Cocoon and
> > let it handle the whole thing, including static files, redirection and
> > authorization (authentication will be done at web server or servlet
> > engine level).
> >
> > This is how you would achieve it. (in theory, anyway, there are still
> > some holes in the picture).
>
> what are the holes? I'm just curious, and maybe others on the list could
> also help to fill in these holes ;-)
Mostly for web-app and authorisation/authentication. Turbine-stuff, you
could say.
Having little personal knowledge on those fields, I find myself with a
blurred vision... and this leaves my whiteboard painfully blank...
--
Stefano Mazzocchi One must still have chaos in oneself to be
able to give birth to a dancing star.
<st...@apache.org> Friedrich Nietzsche
--------------------------------------------------------------------
Missed us in Orlando? Make it up with ApacheCON Europe in London!
------------------------- http://ApacheCon.Com ---------------------
Re: Simpleton Sitemap question
Posted by Stefano Mazzocchi <st...@apache.org>.
Giacomo Pati wrote:
>
> David Duddleston wrote:
> >
> > > -----Original Message-----
> > > From: Neeme Praks [mailto:neeme@one.lv]
> > > Sent: Thursday, June 01, 2000 1:49 PM
> > > To: cocoon-dev@xml.apache.org
> > > Subject: RE: Simpleton Sitemap question
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Stefano Mazzocchi [mailto:stefano@apache.org]
> > > > Sent: Wednesday, May 31, 2000 12:38 PM
> > > >
> > > > Good question.
> > > >
> > > > The sitemap will allow you to "mimic" a complete web serving
> > > > environment. In fact, you could map your own web site root to
> > > > Cocoon and
> > > > let it handle the whole thing, including static files, redirection and
> > > > authorization (authentication will be done at web server or servlet
> > > > engine level).
> >
> > Many Web Apps still use Form based authentication controlled by the Web
> > Application and not the servlet container, so it might be a good idea to
> > allow this. Especialy if the Cocoon sitemap is going to be the primary
> > controller/director.
>
> Please read the Servlet 2.2. spec. which we have commited to at "11.6
> Server Tracking of Authentication Information". There you see why it is
> better to leave authentication at the container level.
>
> If "Many Web Apps" still use their own Form based authentication it's
> almost because there was no infrastructure available to do this at the
> container level when those apps where written.
>
> And because there are so many different possibilities to do
> authentication we shuld leave it to the container and not reimplement
> our own.
Total +1
And +1 for everything that reduces the code we have to write :)
--
Stefano Mazzocchi One must still have chaos in oneself to be
able to give birth to a dancing star.
<st...@apache.org> Friedrich Nietzsche
--------------------------------------------------------------------
Missed us in Orlando? Make it up with ApacheCON Europe in London!
------------------------- http://ApacheCon.Com ---------------------
Re: Simpleton Sitemap question
Posted by Giacomo Pati <gi...@simba.pwr.ch>.
On Fri, Jun 02, 2000 at 09:55:08PM -0700, David Duddleston wrote:
>
> > Please read the Servlet 2.2. spec. which we have commited to at "11.6
> > Server Tracking of Authentication Information". There you see why it is
> > better to leave authentication at the container level.
> >
> > If "Many Web Apps" still use their own Form based authentication it's
> > almost because there was no infrastructure available to do this at the
> > container level when those apps where written.
> >
> > And because there are so many different possibilities to do
> > authentication we shuld leave it to the container and not reimplement
> > our own.
>
> Yeah, I just took another read of it. Still a few things I'm unclear about
> regarding setting things up in the web.xml, but I think it is just a matter
> of playing around with it. Anyway, I think you are right. It would be to
> much of a hastle considering C2 will be Servlet 2.2 API which should cover
> it.
If you are looking for examples, see the tomcat web.xml. One of them is configured to use container security.
Giacomo
>
> -david
>
--
PWR GmbH, Organisation & Entwicklung Tel: +41 (0)1 856 2202
Giacomo Pati, CTO/CEO Fax: +41 (0)1 856 2201
Hintereichenstrasse 7 Mailto:Giacomo.Pati@pwr.ch
CH-8166 Niederweningen Web: http://www.pwr.ch
RE: Simpleton Sitemap question
Posted by David Duddleston <da...@i2a.com>.
> Please read the Servlet 2.2. spec. which we have commited to at "11.6
> Server Tracking of Authentication Information". There you see why it is
> better to leave authentication at the container level.
>
> If "Many Web Apps" still use their own Form based authentication it's
> almost because there was no infrastructure available to do this at the
> container level when those apps where written.
>
> And because there are so many different possibilities to do
> authentication we shuld leave it to the container and not reimplement
> our own.
Yeah, I just took another read of it. Still a few things I'm unclear about
regarding setting things up in the web.xml, but I think it is just a matter
of playing around with it. Anyway, I think you are right. It would be to
much of a hastle considering C2 will be Servlet 2.2 API which should cover
it.
-david
Re: Simpleton Sitemap question
Posted by Giacomo Pati <Gi...@pwr.ch>.
David Duddleston wrote:
>
> > -----Original Message-----
> > From: Neeme Praks [mailto:neeme@one.lv]
> > Sent: Thursday, June 01, 2000 1:49 PM
> > To: cocoon-dev@xml.apache.org
> > Subject: RE: Simpleton Sitemap question
> >
> >
> >
> > > -----Original Message-----
> > > From: Stefano Mazzocchi [mailto:stefano@apache.org]
> > > Sent: Wednesday, May 31, 2000 12:38 PM
> > >
> > > Good question.
> > >
> > > The sitemap will allow you to "mimic" a complete web serving
> > > environment. In fact, you could map your own web site root to
> > > Cocoon and
> > > let it handle the whole thing, including static files, redirection and
> > > authorization (authentication will be done at web server or servlet
> > > engine level).
>
> Many Web Apps still use Form based authentication controlled by the Web
> Application and not the servlet container, so it might be a good idea to
> allow this. Especialy if the Cocoon sitemap is going to be the primary
> controller/director.
Please read the Servlet 2.2. spec. which we have commited to at "11.6
Server Tracking of Authentication Information". There you see why it is
better to leave authentication at the container level.
If "Many Web Apps" still use their own Form based authentication it's
almost because there was no infrastructure available to do this at the
container level when those apps where written.
And because there are so many different possibilities to do
authentication we shuld leave it to the container and not reimplement
our own.
Giacomo
--
PWR GmbH, Organisation & Entwicklung Tel: +41 (0)1 856 2202
Giacomo Pati, CTO/CEO Fax: +41 (0)1 856 2201
Hintereichenstrasse 7 Mailto:Giacomo.Pati@pwr.ch
CH-8166 Niederweningen Web: http://www.pwr.ch
RE: Simpleton Sitemap question
Posted by David Duddleston <da...@i2a.com>.
> -----Original Message-----
> From: Neeme Praks [mailto:neeme@one.lv]
> Sent: Thursday, June 01, 2000 1:49 PM
> To: cocoon-dev@xml.apache.org
> Subject: RE: Simpleton Sitemap question
>
>
>
> > -----Original Message-----
> > From: Stefano Mazzocchi [mailto:stefano@apache.org]
> > Sent: Wednesday, May 31, 2000 12:38 PM
> >
> > Good question.
> >
> > The sitemap will allow you to "mimic" a complete web serving
> > environment. In fact, you could map your own web site root to
> > Cocoon and
> > let it handle the whole thing, including static files, redirection and
> > authorization (authentication will be done at web server or servlet
> > engine level).
Many Web Apps still use Form based authentication controlled by the Web
Application and not the servlet container, so it might be a good idea to
allow this. Especialy if the Cocoon sitemap is going to be the primary
controller/director.
-david