Posted to users@cocoon.apache.org by Henrik Gustafsson <he...@telepo.com> on 2004/10/28 17:34:00 UTC
401 from the Authentication Framework
I'm happily using the Authentication Framework to control access
and presentation of my site. The authorization data is fetched from
radius and a quite complex authentication session context is used.
One of the protected resources is fetched by a device that expects
to get a 401 and cannot handle the form based login.
Is it possible to configure a handler in the authentication manager
to send a 401 instead of doing a redirect? I do not like to put the
authentication of this resource in the web.xml configuration of the
container, since then I would not be able to reuse the Radius
Authenticator that is creating the session context.
If this is not possible, I would like some pointers where to modify
or what type of component could be used to plug in support
for 401.
Or, should I stop using the Authentication Framework and do
all authentication in the container configuration? I do not like to
have it in two different places. I do understand the argument that
authentication is a typical task for the container, but it is very
convenient to have full control in the sitemap.
/Henrik Gustafsson
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: 401 from the Authentication Framework
Posted by Henrik Gustafsson <he...@telepo.com>.
I tried that but that is still generating a 302 to the pipeline
sending 401. Maybe I'm doing something wrong?
The redirect-to uri is "cocoon:/login" and the pipeline is:
<map:match pattern="login">
  <map:generate src="docs/error.html"/>
  <map:serialize status-code="401"/>
</map:match>
Should I use something else to make the redirect
handled internally?
I guess my problem is quite unusual since most HTTP clients
can handle 3xx status codes, but I did solve it by adding a
challenge element with a realm attribute to the authentication
handler config.
If the challenge element is used instead of the redirect-to
element the AuthenticationManager will use the redirector to
send a 401 on the auth-protect action instead of sending a 302.
Right now I'm only generating a basic challenge but that is
alright for me since the radius authentication is using chap and
that requires the password in clear text anyway.
I would really like to use something in cocoon without patching
it, that would be preferred. But if that is not possible, could I
configure which AuthenticationManager I would like to use?
Right now I'm patching the DefaultAuthenticationManager,
which is not beautiful; I would rather have my own auth manager
configured in the cocoon.xconf.
/Henrik Gustafsson
----- Original Message -----
From: "Ralph Goers" <Ra...@dslextreme.com>
To: <us...@cocoon.apache.org>
Sent: Sunday, October 31, 2004 6:58 PM
Subject: Re: 401 from the Authentication Framework
> Henrik,
>
> If the authentication handler is configured so that the redirect-to uri
> is a cocoon pipeline, that pipeline could cause the 401 to be returned.
> I don't think the authentication manager needs to be modified at all for
> this.
>
> If this won't work for some reason don't hesitate to reply.
>
> Ralph
>
> Henrik Gustafsson wrote:
>
>> I'm happily using the Authentication Framework to control access and
>> presentation of my site. The authorization data is fetched from radius
>> and a quite complex authentication session context is used.
>>
>> One of the protected resources is fetched by a device that expects to
>> get a 401 and cannot handle the form based login.
>>
>> Is it possible to configure a handler in the authentication manager to
>> send a 401 instead of doing a redirect? I do not like to put the
>> authentication of this resource in the web.xml configuration of the
>> container, since then I would not be able to reuse the Radius
>> Authenticator that is creating the session context.
>>
>> If this is not possible, I would like some pointers where to modify or
>> what type of component could be used to plug in support for 401.
>>
>> Or, should I stop using the Authentication Framework and do all
>> authentication in the container configuration? I do not like to have
>> it in two different places. I do understand the argument that
>> authentication is a typical task for the container, but it is very
>> convenient to have full control in the sitemap.
>>
>
>
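The behaviour discussed in this thread, a 401 with a Basic challenge and realm sent on the protected URL itself instead of a 302 to a login page, as an added example; it is not Cocoon code and not the poster's patch. `Authenticator`, `protect`, `parseBasic` and the sample credentials are hypothetical, and the backend check stands in for something like the RADIUS authenticator.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (Java 16+ for records); not Cocoon code.
public class BasicChallengeExample {
    // Hypothetical stand-in for the backend check, e.g. a RADIUS authenticator.
    interface Authenticator { boolean authenticate(String user, String password); }

    // Minimal response model: status code plus response headers.
    record Response(int status, Map<String, String> headers) {}

    // Returns {user, password}, or null when the header is absent or malformed.
    static String[] parseBasic(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':'); // split at the first ':'; the password may contain more
            if (colon <= 0) return null;      // policy choice here: reject an empty user name
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null;                      // not valid base64
        }
    }

    // Guard for a protected resource: 200 on valid credentials, otherwise a 401 challenge.
    static Response protect(String authorization, String realm, Authenticator auth) {
        Map<String, String> headers = new LinkedHashMap<>();
        String[] cred = parseBasic(authorization);
        if (cred != null && auth.authenticate(cred[0], cred[1])) {
            return new Response(200, headers);
        }
        // No 3xx and no Location header: the client is challenged on the URL it asked for.
        String quoted = realm.replace("\\", "\\\\").replace("\"", "\\\"");
        headers.put("WWW-Authenticate", "Basic realm=\"" + quoted + "\"");
        return new Response(401, headers);
    }

    public static void main(String[] args) {
        Authenticator demo = (u, p) -> u.equals("device") && p.equals("s3:cret"); // constructed
        String ok = "Basic " + Base64.getEncoder()
                .encodeToString("device:s3:cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(protect(null, "devices", demo));        // no header
        System.out.println(protect("Basic !!!", "devices", demo)); // malformed header
        System.out.println(protect(ok, "devices", demo));          // valid credentials
    }
}
```

Basic credentials are only base64-encoded, so a handler like this belongs behind TLS.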
Re: 401 from the Authentication Framework
Posted by Ralph Goers <Ra...@dslextreme.com>.
Henrik,
If the authentication handler is configured so that the redirect-to uri
is a cocoon pipeline, that pipeline could cause the 401 to be returned.
I don't think the authentication manager needs to be modified at all for
this.
If this won't work for some reason don't hesitate to reply.
Ralph
Henrik Gustafsson wrote:
> I'm happily using the Authentication Framework to control access and
> presentation of my site. The authorization data is fetched from radius
> and a quite complex authentication session context is used.
>
> One of the protected resources is fetched by a device that expects to
> get a 401 and cannot handle the form based login.
>
> Is it possible to configure a handler in the authentication manager to
> send a 401 instead of doing a redirect? I do not like to put the
> authentication of this resource in the web.xml configuration of the
> container, since then I would not be able to reuse the Radius
> Authenticator that is creating the session context.
>
> If this is not possible, I would like some pointers where to modify or
> what type of component could be used to plug in support for 401.
>
> Or, should I stop using the Authentication Framework and do all
> authentication in the container configuration? I do not like to have
> it in two different places. I do understand the argument that
> authentication is a typical task for the container, but it is very
> convenient to have full control in the sitemap.
>