Posted to users@cocoon.apache.org by Henrik Gustafsson <he...@telepo.com> on 2004/10/28 17:34:00 UTC

401 from the Authentication Framework

I'm happily using the Authentication Framework to control access 
and presentation of my site. The authorization data is fetched from 
radius and a quite complex authentication session context is used.

One of the protected resources is fetched by a device that expects 
to get a 401 and cannot handle the form based login.

Is it possible to configure a handler in the authentication manager 
to send a 401 instead of doing a redirect? I do not like to put the 
authentication of this resource in the web.xml configuration of the 
container, since then I would not be able to reuse the Radius 
Authenticator that is creating the session context.

If this is not possible, I would like some pointers where to modify 
or what type of component could be used to plug in support 
for 401.

Or, should I stop using the Authentication Framework and do 
all authentication in the container configuration? I do not like to 
have it in two different places. I do understand the argument that 
authentication is a typical task for the container, but it is very 
convenient to have full control in the sitemap.

/Henrik Gustafsson


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: 401 from the Authentication Framework

Posted by Henrik Gustafsson <he...@telepo.com>.
I tried that, but that is still generating a 302 to the pipeline 
sending 401. Maybe I'm doing something wrong?

The redirect-to uri is "cocoon:/login" and the pipeline is:

<map:match pattern="login">
  <map:generate src="docs/error.html"/>
  <map:serialize status-code="401"/>
</map:match>

Should I use something else to make the redirect 
handled internally?

I guess my problem is quite unusual since most HTTP clients 
can handle 3xx status codes, but I did solve it by adding a 
challenge element with a realm attribute to the authentication 
handler config.

If the challenge element is used instead of the redirect-to 
element, the AuthenticationManager will use the redirector to 
send a 401 on the auth-protect action instead of sending a 302.
Right now I'm only generating a basic challenge, but that is 
alright for me since the radius authentication is using chap and 
that requires the password in clear text anyway.

I would really like to use something in cocoon without patching 
it; that would be preferred. But if that is not possible, could I 
configure which AuthenticationManager I would like to use? 
Right now I'm patching the DefaultAuthenticationManager; 
that is not beautiful. I would rather have my own auth manager 
configured in the cocoon.xconf.


/Henrik Gustafsson

----- Original Message ----- 
From: "Ralph Goers" <Ra...@dslextreme.com>
To: <us...@cocoon.apache.org>
Sent: Sunday, October 31, 2004 6:58 PM
Subject: Re: 401 from the Authentication Framework


> Henrik,
> 
> If the authentication handler is configured so that the redirect-to uri 
> is a cocoon pipeline, that pipeline could cause the 401 to be returned.  
> I don't think the authentication manager needs to be modified at all for 
> this. 
> 
> If this won't work for some reason don't hesitate to reply.
> 
> Ralph 
> 
> Henrik Gustafsson wrote:
> 
>> I'm happily using the Authentication Framework to control access and 
>> presentation of my site. The authorization data is fetched from radius 
>> and a quite complex authentication session context is used.
>>
>> One of the protected resources is fetched by a device that expects to 
>> get a 401 and cannot handle the form based login.
>>
>> Is it possible to configure a handler in the authentication manager to 
>> send a 401 instead of doing a redirect? I do not like to put the 
>> authentication of this resource in the web.xml configuration of the 
>> container, since then I would not be able to reuse the Radius 
>> Authenticator that is creating the session context.
>>
>> If this is not possible, I would like some pointers where to modify or 
>> what type of component could be used to plug in support for 401.
>>
>> Or, should I stop using the Authentication Framework and do all 
>> authentication in the container configuration? I do not like to have 
>> it in two different places. I do understand the argument that 
>> authentication is a typical task for the container, but it is very 
>> convenient to have full control in the sitemap.
>>
> 
>
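
An added example, not part of the original messages and not Cocoon code: the Basic challenge described above, reduced to the decision a handler makes from the Authorization header (challenge with 401, or hand the parsed credentials to the authenticator). The class and method names are hypothetical, the sample credentials are constructed, and verification against RADIUS is left to the caller.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Locale;

// Illustration only; BasicChallenge, Decision and decide() are hypothetical names.
// Basic credentials are only base64-encoded: serve the protected resource over TLS.
public class BasicChallenge {

    /** Either a 401 challenge (status 401) or credentials still to be verified (status 0). */
    record Decision(int status, String wwwAuthenticate, String user, String password) {}

    static Decision challenge(String realm) {
        // Escape backslash and quote so the realm cannot break out of the quoted-string.
        String safe = realm.replace("\\", "\\\\").replace("\"", "\\\"");
        return new Decision(401, "Basic realm=\"" + safe + "\"", null, null);
    }

    /** authorization is the raw Authorization header value, or null if the header is absent. */
    static Decision decide(String authorization, String realm) {
        if (authorization == null) return challenge(realm);
        String[] parts = authorization.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].toLowerCase(Locale.ROOT).equals("basic")) {
            return challenge(realm);            // other scheme or missing token: re-challenge
        }
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return challenge(realm);            // malformed base64
        }
        int colon = decoded.indexOf(':');       // only the first colon separates user and password
        if (colon < 1) return challenge(realm); // no colon, or empty user id (rejected here by choice)
        // Status 0: nothing decided yet, the caller passes user/password to its authenticator.
        return new Decision(0, null, decoded.substring(0, colon), decoded.substring(colon + 1));
    }

    public static void main(String[] args) {
        String sample = "Basic " + Base64.getEncoder()
                .encodeToString("device01:s3cr:et".getBytes(StandardCharsets.UTF_8)); // constructed
        System.out.println(decide(null, "devices").wwwAuthenticate()); // challenge, no header sent
        System.out.println(decide("Basic !!!", "devices").status());   // challenge, bad token
        System.out.println(decide(sample, "devices").user());          // credentials parsed
    }
}
```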



Re: 401 from the Authentication Framework

Posted by Ralph Goers <Ra...@dslextreme.com>.
Henrik,

If the authentication handler is configured so that the redirect-to uri 
is a cocoon pipeline, that pipeline could cause the 401 to be returned.  
I don't think the authentication manager needs to be modified at all for 
this. 

If this won't work for some reason don't hesitate to reply.

Ralph 

Henrik Gustafsson wrote:

> I'm happily using the Authentication Framework to control access and 
> presentation of my site. The authorization data is fetched from radius 
> and a quite complex authentication session context is used.
>
> One of the protected resources is fetched by a device that expects to 
> get a 401 and cannot handle the form based login.
>
> Is it possible to configure a handler in the authentication manager to 
> send a 401 instead of doing a redirect? I do not like to put the 
> authentication of this resource in the web.xml configuration of the 
> container, since then I would not be able to reuse the Radius 
> Authenticator that is creating the session context.
>
> If this is not possible, I would like some pointers where to modify or 
> what type of component could be used to plug in support for 401.
>
> Or, should I stop using the Authentication Framework and do all 
> authentication in the container configuration? I do not like to have 
> it in two different places. I do understand the argument that 
> authentication is a typical task for the container, but it is very 
> convenient to have full control in the sitemap.
>

