You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cocoon.apache.org by hassan abolhassani <ha...@yahoo.com> on 2003/10/23 17:31:49 UTC
possible future addition
Hi all,
I have some concerns and would like to share with you. Sorry if these has already been discussed or sounds non-sense. Anyway, I will be glad to hear your voices (I am not in the dev list, so please in case you post a reply send me a copy too).
1- I know that Cocoon provides different facilities for Authentication and protecting pipelines. However, I think it is possible to further simplify it. Suppose we add an attribute to <map:pipline> for example 'protected' tag like:
<map:pipeline protected="yes">
...
</map:pipeline>
Seeing this and having a global definition of the authentication configurations as well as the action in case authentication fails, one may have easier way to add authentication.
2- I have faced several cases where I needed to generate an xml and then do some transformations parallely on the same xml structure. One example is when you want to save some results to disk and transform the same structure to show on browser window. The solution I finally reached to for such a case, was to duplicate xml structure, one copy is surronded by tags needed for "Source Writing transformer" and another copy without such tags. Then the structure is forwarded to "Source Writing transformer" and then another transformer in charge of transformation for browser display. I don't know if there is a better way, but I thought it might be reasonable to have some form of Parallel Transformation (and/or Parallel Serialization).
Best Regards,
Hassan Abolhassani
---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
Re: possible future addition
Posted by Geoff Howard <co...@leverageweb.com>.
Tony Collen wrote:
> hassan abolhassani wrote:
>
>> Hi all,
>>
>> I have some concerns and would like to share with you. Sorry if these
>> has already been discussed or sounds non-sense. Anyway, I will be glad
>> to hear your voices (I am not in the dev list, so please in case you
>> post a reply send me a copy too).
>>
>> 1- I know that Cocoon provides different facilities for Authentication
>> and protecting pipelines. However, I think it is possible to further
>> simplify it. Suppose we add an attribute to <map:pipline> for example
>> 'protected' tag like:
>>
>> <map:pipeline protected="yes">
>> ...
>> </map:pipeline>
>>
>> Seeing this and having a global definition of the authentication
>> configurations as well as the action in case authentication fails, one
>> may have easier way to add authentication.
You can do the same now essentially with
<map:pipeline>
<map:match type="xxx">
... pipeline as before
</map:match>
</map:pipeline>
where the wrapping matcher checks your login state. I wrote a 30 second
matcher which checks your container managed authentication state
(against a role, for example) and it works like a charm. Matchers can
be nested - we're used to seeing them one per "pipeline" (in the
Generator-[Transformer]*-Serializer sense) but they work great in this
case as well.
> This is very interesting. IMO one thing that I'd like to see is a quick
> and easy way of protecting a URL using something similar to using an
> .htaccess file and using basic HTTP authentication. Unfortuantely I
> think this would be the role of the servlet container, and I don't know
> if this would work any way with the CLI.
Again, a matcher to do that would be pretty simple. You could even
probably use a 401 error code to force basic authentication without
configuring it in web.xml.
Geoff
Re: possible future addition
Posted by Upayavira <uv...@upaya.co.uk>.
Tony Collen wrote:
> hassan abolhassani wrote:
>
>> Hi all,
>>
>> I have some concerns and would like to share with you. Sorry if these
>> has already been discussed or sounds non-sense. Anyway, I will be
>> glad to hear your voices (I am not in the dev list, so please in case
>> you post a reply send me a copy too).
>>
>> 1- I know that Cocoon provides different facilities for
>> Authentication and protecting pipelines. However, I think it is
>> possible to further simplify it. Suppose we add an attribute to
>> <map:pipline> for example 'protected' tag like:
>>
>> <map:pipeline protected="yes">
>> ...
>> </map:pipeline>
>>
>> Seeing this and having a global definition of the authentication
>> configurations as well as the action in case authentication fails,
>> one may have easier way to add authentication.
>
>
> This is very interesting. IMO one thing that I'd like to see is a
> quick and easy way of protecting a URL using something similar to
> using an .htaccess file and using basic HTTP authentication.
> Unfortuantely I think this would be the role of the servlet container,
> and I don't know if this would work any way with the CLI.
If you add something to the HTTPEvironment that connects to servlet
container, you just need to add it to the AbstractCommandLineEnvironment
and config to the BeanConfigurator, and then you're done. So the CLI
could handle it with:
<uri src="xxx.html" dest="build/dest" user="foo" pass="bar"/>
Regards, Upayavira
Re: possible future addition
Posted by Tony Collen <co...@umn.edu>.
hassan abolhassani wrote:
> Hi all,
>
> I have some concerns and would like to share with you. Sorry if these has already been discussed or sounds non-sense. Anyway, I will be glad to hear your voices (I am not in the dev list, so please in case you post a reply send me a copy too).
>
> 1- I know that Cocoon provides different facilities for Authentication and protecting pipelines. However, I think it is possible to further simplify it. Suppose we add an attribute to <map:pipline> for example 'protected' tag like:
>
> <map:pipeline protected="yes">
> ...
> </map:pipeline>
>
> Seeing this and having a global definition of the authentication configurations as well as the action in case authentication fails, one may have easier way to add authentication.
This is very interesting. IMO one thing that I'd like to see is a quick and easy way of protecting
a URL using something similar to using an .htaccess file and using basic HTTP authentication.
Unfortuantely I think this would be the role of the servlet container, and I don't know if this
would work any way with the CLI.
Regards,
Tony