You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Cocoon User <co...@hotmail.com> on 2005/07/27 17:06:08 UTC
Authentication Framework: Separate pipelines required for public versus private?
Our site is very data driven. Because we didn't think it mattered, and it
was simple, we designed it so the same pipeline is used for all pages (with
a few exceptions). So the sitemap currenlty doesn't know and doesn't care
whats public and private. The database contriols what pages are public and
private.
We are just now looking into authentication and I am worried that the
separation of public and private pages need to occur in the sitemap in order
for this to work and therefore, having the same pipeline for both is proving
to be problematic. As it stands now, if I was to put an authentication
handler around my pipeline that handles all pages, then all pages that match
to that pipeline will be treated as private.
I do not know if its possible to use the Cocoon authentication framework and
still have the same pipeline deal with public and private pages. Does anyone
know?
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication Framework: Separate pipelines required for public versus priv
Posted by Cocoon User <co...@hotmail.com>.
Thanks for your response.
I actually found a solution. Using a parameter selector I can choose to
auth-protect or not. Therefore,the same pipeline can be protected or not
protected based on whether the page is public or private.. This works. I
have tested it. However I have some larger design questions that may cause
me to not go this way at all.
Thanks!
>From: Sami Rajala <sa...@gmail.com>
>Reply-To: Sami Rajala <sa...@gmail.com>
>To: users@cocoon.apache.org
>Subject: Re: Authentication Framework: Separate pipelines required for
>public versus private?
>Date: Thu, 28 Jul 2005 12:18:38 +0300
>
>It depends how you match your pages in the pipeline. Authentication fw
>(both action and flow based) allows you to protect for example a
>single match element:
>
><map:match pattern="protectedresource">
> <map:act type="auth-protect">
> <map:parameter name="handler" value="portalhandler"/>
> <map:generate src="source/resource.xml"/>
> <map:serialize type="xml"/>
> </map:act>
></map:match>
>
>the example is from auth fw documentation found here:
>http://cocoon.apache.org/2.1/developing/webapps/authentication.html
>
>In the example the document is surrounded by auth-protect action and
>demands that the user is authenticated against portalhandler. If you
>remove the surrounding map:act element, no authentication is needed.
>Same goes with flow, though the syntax is slightly different.
>
>-inf
>
>On 7/27/05, Cocoon User <co...@hotmail.com> wrote:
> > Our site is very data driven. Because we didn't think it mattered, and
>it
> > was simple, we designed it so the same pipeline is used for all pages
>(with
> > a few exceptions). So the sitemap currenlty doesn't know and doesn't
>care
> > whats public and private. The database contriols what pages are public
>and
> > private.
> >
> > We are just now looking into authentication and I am worried that the
> > separation of public and private pages need to occur in the sitemap in
>order
> > for this to work and therefore, having the same pipeline for both is
>proving
> > to be problematic. As it stands now, if I was to put an authentication
> > handler around my pipeline that handles all pages, then all pages that
>match
> > to that pipeline will be treated as private.
> >
> > I do not know if its possible to use the Cocoon authentication framework
>and
> > still have the same pipeline deal with public and private pages. Does
>anyone
> > know?
> >
> > _________________________________________________________________
> > On the road to retirement? Check out MSN Life Events for advice on how
>to
> > get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> > For additional commands, e-mail: users-help@cocoon.apache.org
> >
> >
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>For additional commands, e-mail: users-help@cocoon.apache.org
>
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Authentication Framework: Separate pipelines required for public versus private?
Posted by Sami Rajala <sa...@gmail.com>.
It depends how you match your pages in the pipeline. Authentication fw
(both action and flow based) allows you to protect for example a
single match element:
<map:match pattern="protectedresource">
<map:act type="auth-protect">
<map:parameter name="handler" value="portalhandler"/>
<map:generate src="source/resource.xml"/>
<map:serialize type="xml"/>
</map:act>
</map:match>
the example is from auth fw documentation found here:
http://cocoon.apache.org/2.1/developing/webapps/authentication.html
In the example the document is surrounded by auth-protect action and
demands that the user is authenticated against portalhandler. If you
remove the surrounding map:act element, no authentication is needed.
Same goes with flow, though the syntax is slightly different.
-inf
On 7/27/05, Cocoon User <co...@hotmail.com> wrote:
> Our site is very data driven. Because we didn't think it mattered, and it
> was simple, we designed it so the same pipeline is used for all pages (with
> a few exceptions). So the sitemap currenlty doesn't know and doesn't care
> whats public and private. The database contriols what pages are public and
> private.
>
> We are just now looking into authentication and I am worried that the
> separation of public and private pages need to occur in the sitemap in order
> for this to work and therefore, having the same pipeline for both is proving
> to be problematic. As it stands now, if I was to put an authentication
> handler around my pipeline that handles all pages, then all pages that match
> to that pipeline will be treated as private.
>
> I do not know if its possible to use the Cocoon authentication framework and
> still have the same pipeline deal with public and private pages. Does anyone
> know?
>
> _________________________________________________________________
> On the road to retirement? Check out MSN Life Events for advice on how to
> get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org