authentication fw, auth-protect, and context

[BURGHARD Éric <er...@systheo.com>]

Hi,

It seems well known that we can only access to authentication context inside
a protected area... Looks strange because some "public" pages may look
slighty different when someone is authenticated (show a username for
example).

The solution (weird but taken from the docs) seems to auth-protect every
public space pipelines without handler parameter: " If the pipeline does
not use the auth-protect action or the parameter handler is missing, the
document is accessible by any user." But it doesn't work:
"org.apache.cocoon.ProcessingException: Unknown handler to check: null"

The solution i see is to use the 'UserStatus' stored in the session after a
sucessfull login, and try to reget the xml profile.

Now, perhaps it will be a lot simpler (and efficient) to put the
authentication context in a permanent session space (ie alive not only
during an auth-protect action, but as long as the authentication is valid).

What about the impossibility to retrieve the profile with jxtg ? I don't
want to use sitemap parameters, we've got 10 of tags with differents
attributes inside our profiles (we need the dom), and I don't want to go
through flowscript, put something in the FOM session, and go back to jxtg:
it's really ugly :-)

What do you think ?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org