cziegeler 02/05/29 06:38:49
Modified: src/documentation/xdocs/developing authentication.xml
src/java/org/apache/cocoon/components
CocoonComponentManager.java
src/java/org/apache/cocoon/webapps/authentication
authentication-act.xmap
src/java/org/apache/cocoon/webapps/authentication/acting
AuthAction.java
src/java/org/apache/cocoon/webapps/authentication/components
AuthenticationManager.java
src/webapp sitemap.xmap
src/webapp/sunspotdemo portaldemo-act.xpipe
Log:
Finally changed configuration of authentication framework from action to global
configuration
Revision Changes Path
1.3 +64 -63
xml-cocoon2/src/documentation/xdocs/developing/authentication.xml
Index: authentication.xml
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/documentation/xdocs/developing/authentication.xml,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- authentication.xml 8 May 2002 06:21:38 -0000 1.2
+++ authentication.xml 29 May 2002 13:38:48 -0000 1.3
@@ -9,39 +9,39 @@
</header>
<body>
<s1 title="Introduction">
- <p>The central point for building a web application is authentication. It is a
- flexible module for authentication and user management. A user can be
- legitimated using any information available via any source, e.g. a database
or
+ <p>The central point for building a web application is authentication. The
Cocoon
+ authentication package is a flexible module for authentication and user
management.
+ A user can be legitimated using any information available via any source,
e.g. a database or
LDAP. With this mechanism it is very easy and fast to use an exisiting user
management/authentication system.</p>
</s1>
<s1 title="Sitemap-Components">
<p>The authentication Framework adds some actions to the sitemap: the
<en>auth-protect</en>
action, the <en>auth-login</en> action, the <en>auth-logout</en> action
- and the <en>auth-loggedIn</en> action. The <en>auth-protect</en> action gets
- the configuration for the authentication framework and controlles the
pipelines. The
- <en>auth-login</en> and the <en>auth-logout</en> action control the
- authentication the <en>auth-loggedIn</en> action controlles the application
+ and the <en>auth-loggedIn</en> action. The <en>authentication-manager</en>
gets
+ the configuration for the authentication framework and the actions controle
the pipelines.
+ The <en>auth-login</en> and the <en>auth-logout</en> action control the
+ authentication whereas the <en>auth-loggedIn</en> action controls the
application
flow.</p>
<p>The use of the authentication framework and its components is described in
the following
chapters.</p>
</s1>
<s1 title="User Authentication">
- <p>One feature of the framework is the user authentication. A resource can be
+ <p>One feature of the framework is the user authentication. A document can be
accessible for everyone or it can be protected using this framework. The
process of
- requesting a resource can be described as follows:</p>
+ requesting a document can be described as follows:</p>
<ol>
- <li>The user request a resource (original resource).
+ <li>The user request a document (original document).
</li>
- <li>The framework checks if this resource is protected. If no protection
- is specified, the response to the request is this original resource.
+ <li>The framework checks if this document is protected. If no protection
+ is specified, the response to the request is this original document.
</li>
- <li>The resource is protected and the framework checks, if the user is
+ <li>The document is protected and the framework checks, if the user is
authenticated to view it.
</li>
<li>If the user is authenticated, the response is the original
- resource. If not the framework redirects to a special redirect-to
resource. This
- redirect-to resource is freely configurable and can for example contain
+ document. If not the framework redirects to a special redirect-to
document. This
+ redirect-to document is freely configurable and can for example contain
information about the unauthorized access and in addition a login form.
</li>
<li>Using the login form an authentication resource can be called
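Review bot: The resource-to-document rename is incomplete in this hunk: the last list item shown still reads "an authentication resource can be called" while every changed step now says "document", so a reader cannot tell whether the two words are meant to differ. Either rename it as well or add one sentence saying when "resource" is kept on purpose. In the added lines, "the actions controle the pipelines" should be "control" and "The user request a document" should be "requests".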
@@ -49,9 +49,9 @@
authentication resource uses the framework for the authentication process.
</li>
<li>In case of a successful authentication the framework can redirect to
- the original resource (or to any configured start resource).
+ the original document (or to any configured start document).
</li>
- <li>If the authentication failed another resource is invoked by
+ <li>If the authentication failed another document is invoked by
the framework displaying information to the user.
</li>
</ol>
@@ -73,14 +73,14 @@
<li>The authentication resource which does the real
authentication.
</li>
- <li>The redirect-to resource where the framework redirects to for any
+ <li>The redirect-to document where the framework redirects to for any
unauthorized request.
</li>
</ul>
<p>Using a unique name for each handler (only alphabetical characters
and digits are allowed for the handler name), the framework manages
different
handlers. So various parts of the sitemap can be protected in different
ways. A
- resource can be protected by calling this handler using the auth-protect
+ document can be protected by calling this handler using the
<en>auth-protect</en>
action. The "auth-protect" action must be included in the pipeline of the
resource. It gets the handler information as a parameter:</p>
<source><map:match pattern="protectedresource">
@@ -91,27 +91,27 @@
...
</map:match></source>
<p>If the pipeline does not use the "auth-protect" action or the
- parameter "handler" is missing, the resource is accessible by any
user.</p>
+ parameter "handler" is missing, the document is accessible by any
user.</p>
</s2>
- <s2 title="The redirect-to resource">
- <p>If the requested resource is not accessible for the user, the framework
- redirects to a special redirect-to resource. This resource is a mandatory
+ <s2 title="The redirect-to document">
+ <p>If the requested document is not accessible for the user, the framework
+ redirects to a special redirect-to document. This document is a mandatory
configuration of the authentication handler:</p>
- <source><action name="auth-protect" ...>
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<!-- Now follows the handlers configuration -->
<handler name="unique">
<redirect-to uri="cocoon://loginpage"/> <!-- The login resource
-->
</handler>
</handlers>
-</action></source>
- <p>This redirect-to resource is an unprotected resource in the
- sitemap. For tracking which resource was requested, the redirect-to
resource
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
+ <p>This redirect-to document is an unprotected document in the
+ sitemap. For tracking which document was requested, the redirect-to
document
gets the request parameter "resource" with the value. In addition all
parameters specified inside the <en>redirect-to</en> tag of the handler
- configuration are passed to the resource.</p>
- <p>This redirect-to resource can contain a form for the user
- authentication. This form should invoke the real login resource which is
+ configuration are passed to the document.</p>
+ <p>This redirect-to document can contain a form for the user
+ authentication. This form should invoke the real login document which is
described below.</p>
<p>The authentication process is done by the "auth-login" action.
The login resource contains this action: </p>
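Review bot: The new source example in this hunk wraps the handlers in an org.apache.cocoon.webapps.authentication.components.AuthenticationManager element but never says where that element has to be placed. The sitemap.xmap change in this same commit adds a map:component-configurations block under map:pipelines; name that location here, otherwise readers migrating from the old action name="auth-protect" form have nothing to go on. Since the paragraph above states that a missing "handler" parameter leaves the document accessible by any user, it would also help to state what happens when the parameter names a handler that is not defined in the global configuration.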
@@ -159,7 +159,7 @@
<p>Using this flexible approach nearly any kind of authentication is
possible (e.g. database, LDAP). The authentication resource is another
mandatory configuration of the authentication handler:</p>
- <source><action name="auth-protect" ...>
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<!-- Now follows the handlers configuration -->
<handler name="unique">
@@ -167,7 +167,7 @@
<authentication uri="cocoon:raw://authenticationresource"/>
</handler>
</handlers>
-</action></source>
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
<p>If the authentication resource is a sitemap resource or a remote
resource, this resource is requested by the framework with the given
parameters from
the <en>auth-login</en> action (see previous chapter: parameters: userid
and
@@ -209,14 +209,15 @@
</s2>
<s2 title="Working With subsitemaps">
<p>The common solution for the framework and subsitemaps is to define the
- handler (and therefore the auth-protect action) in the main sitemap. The
resources
+ handler (in the main sitemap. The documents
in the subsitemap are then simply protected in the same way as if the
action
were declared in the main sitemap. This makes moving resources from one
sitemap
to the other very simple.</p>
<p><Strong>However, there is one drawback with this solution. After
you have started your server, make sure that first a resource using the
framework
from the main sitemap is invoked, before any of the
subsitemap!</Strong></p>
-
+ <p><Strong>The definition of handlers in a sub-sitemap is a TODO and will be
+ available in the next release.</Strong></p>
</s2>
</s1>
<s1 title="User Management">
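Review bot: The added line "handler (in the main sitemap. The documents" leaves an unclosed parenthesis where "(and therefore the auth-protect action)" was cut; drop the "(" so the sentence reads "define the handler in the main sitemap". The unchanged sentence that follows still says "as if the action were declared in the main sitemap", which no longer matches a handler that is configured globally and not on the action; reword it to refer to the handler.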
@@ -259,7 +260,7 @@
<s2 title="Configuring an Application">
<p>A "authentication" application is related to one authentication handler,
so an
application is part of the authentication handler configuration:</p>
- <source><action name="auth-protect" ...>
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<handler name="unique">
....redirect-to/authentication configuration
@@ -271,7 +272,7 @@
</applications>
</handler>
</handlers>
-</action></source>
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
<p>A configuration for an application consists of a unique name (only
alphabetical characters and digits are allowed for the application name)
and
optional load and save resources. The application configuration can
contain
@@ -332,7 +333,7 @@
configuring such components.</p>
<p>The module configuration is part of the application
configuration:</p>
- <source><action name="auth-protect" ...>
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<handler name="unique">
....redirect-to/authentication configuration
@@ -346,7 +347,7 @@
</applications>
</handler>
</handlers>
-</action></source>
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
<p>So whenever the portal engine is asked to build the portal it can
easily retrieve its configuration from the current application by getting
the
module configuration named "portal".</p>
@@ -355,7 +356,7 @@
<p>Using the framework it is possible to add new roles to the system and to
add new users. For this purpose, there are several optional entries for the
authentication handler which provide the needed functionality:</p>
- <source><action name="auth-protect">
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<handler name="unique">
...redirect-to/authentication configuration...
@@ -382,7 +383,7 @@
<delete-user uri="cocoon:raw://financeresource-sunrise-deluser"/>
</handler>
</handlers>
-</action></source>
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
<p>The entries are described in the following subchapters. All tags can
have additional parameter definitions which are passed to the given
resource,
e.g:</p>
@@ -465,7 +466,7 @@
<s1 title="Configuration Summary">
<p>Here is a brief summary of the authentication handler configuration: </p>
- <source><action name="auth-protect">
+
<source><org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
<handlers>
<handler name="unique">
<redirect-to uri="cocoon:raw://loginpage"/> <!-- The redirect-to
resource -->
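Review bot: The redirect-to line in this summary uses uri="cocoon:raw://loginpage", while the redirect-to section earlier in the same file uses uri="cocoon://loginpage". Since the example is being touched anyway, make the two agree or add a sentence explaining why the summary uses the raw protocol. The trailing comment also still says "The redirect-to resource" although the surrounding text now says "document".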
@@ -502,20 +503,20 @@
</handler>
</handlers>
-</action></source>
+</org.apache.cocoon.webapps.authentication.components.AuthenticationManager></source>
</s1>
<s1 title="Pipeline Patterns">
- <p>As explained in the previous chapters, the framework uses the auth-protect
- action for authentication and protecting resources. This chapter shows some
- common used patterns of the pipelines for using the framework.</p>
- <s2 title="Single protected resource">
- <p>For protecting a resource with a authentication handler only the
auth-protect
+ <p>As explained in the previous chapters, the framework uses the
<en>auth-protect</en>
+ action for authentication and protecting documents. This chapter shows some
+ common used pipeline patterns for using this framework.</p>
+ <s2 title="Single protected document">
+ <p>For protecting a document with an authentication handler only the
<en>auth-protect</en>
action with the parameter configuration for the handler is required.</p>
<p>Pattern:</p>
<ol>
<li>Pipeline matching
</li>
- <li>Using the auth-protect action for protecting
+ <li>Using the <en>auth-protect</en> action for protecting
</li>
</ol>
<p>Example:</p>
@@ -528,22 +529,22 @@
<map:serialize/>
</map:act>
</map:match></source>
- <p>It is very important that the auth-protect action wrapps the real
+ <p>It is very important that the <en>auth-protect</en> action wrapps the
real
pipeline, as the pipeline is only invoked if the action grants access. The
matching must be done before the action is checked as the action performs
a
- redirect for this resource.</p>
+ redirect for this document.</p>
</s2>
- <s2 title="Multiple protected resources">
- <p>Often you want to protect a bunch of resources in the same way. One
- solution is to use the single protected resource pattern for each
resource.
- With the multiple protected resource pattern you only have to use the
action
- once for all resources and not within each resource.</p>
- <p>The prerequisite for this is a common pattern for the
- resources:</p>
+ <s2 title="Multiple protected documents">
+ <p>Often you want to protect a bunch of documents in the same way. One
+ solution is to use the single protected document pattern for each
document.
+ With the multiple protected document pattern you only have to use the
action
+ once for all documents and not within each document pipeline.</p>
+ <p>The prerequisite for this is a common matching pattern for the
+ documents:</p>
<ol>
<li>Pipeline pattern matching
</li>
- <li>Using the auth-protect action for protection
+ <li>Using the <en>auth-protect</en> action for protection
</li>
<li>Pipeline matching
</li>
@@ -567,12 +568,12 @@
</map:act>
</map:match></source>
- <p>Very important - as explained with the single resource pattern - is
+ <p>Very important - as explained with the single document pattern - is
the leading match before the action is performed. The second match is
required
to check which pipeline to use.</p>
</s2>
<s2 title="Controlling the Application Flow">
- <p>If you want to create resources which behave different wheather you
+ <p>If you want to create documents which behave different wheather you
are logged in or not, the <en>auth-loggedIn</en> action is the component
to
controll your application flow. This action checks if the user is
authenticated
for a given handler and calls all sitemap components inside the
<en>act</en>
@@ -590,7 +591,7 @@
<map:serialize/>
</map:match></source>
<p>In the example above, if the user is already logged he is
- redirected to the <en>loggedInStartPage</en> resource. If he is not
logged in
+ redirected to the <en>loggedInStartPage</en> document. If he is not
logged in
for the given handler, the usual start page is generated.</p>
<p>Both actions, the <en>auth-protect</en> and the
<en>auth-loggedIn</en> action return - if the user is logged in for the
@@ -607,9 +608,9 @@
</map:act>
</map:match></source>
- <p>But the auth-loggedIn action does not give the included pipeline
+ <p>But the <en>auth-loggedIn</en> action does not give the included pipeline
access to the authentication context belonging to the handler. If you
want this, you
- have to nest the auth-protect action inside!</p>
+ have to nest the <en>auth-protect</en> action inside!</p>
<source><map:match pattern"start">
<map:act type="auth-loggedIn"> <!-- check authentication -->
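Review bot: The example that follows the changed paragraph opens with map:match pattern"start", which is missing the "=" between the attribute name and its value, so anyone copying it gets a sitemap that does not parse. Fix it to pattern="start" while this paragraph is being edited.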
1.21 +3 -3
xml-cocoon2/src/java/org/apache/cocoon/components/CocoonComponentManager.java
Index: CocoonComponentManager.java
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/java/org/apache/cocoon/components/CocoonComponentManager.java,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- CocoonComponentManager.java 29 May 2002 12:50:20 -0000 1.20
+++ CocoonComponentManager.java 29 May 2002 13:38:48 -0000 1.21
@@ -81,7 +81,7 @@
* and by handling the lookup of the <code>SourceResolver</code> (in development)
*
* @author <a href="mailto:[EMAIL PROTECTED]">Carsten Ziegeler</a>
- * @version CVS $Id: CocoonComponentManager.java,v 1.20 2002/05/29 12:50:20
cziegeler Exp $
+ * @version CVS $Id: CocoonComponentManager.java,v 1.21 2002/05/29 13:38:48
cziegeler Exp $
*/
public final class CocoonComponentManager
extends ExcaliburComponentManager
@@ -225,8 +225,6 @@
if (component instanceof Recomposable) {
((Recomposable) component).recompose(this);
}
- ((RequestLifecycleComponent)
component).setup((org.apache.cocoon.environment.SourceResolver)objects[0],
- (Map)objects[1]);
if (component instanceof SitemapConfigurable) {
for(int i=0; i < stack.size(); i++) {
Object[] o = (Object[])stack.get(i);
@@ -239,6 +237,8 @@
}
}
}
+ ((RequestLifecycleComponent)
component).setup((org.apache.cocoon.environment.SourceResolver)objects[0],
+ (Map)objects[1]);
} catch (Exception local) {
throw new ComponentException("Exception during setup of
RequestLifecycleComponent with role '"+role+"'", local);
}
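Review bot: Moving the setup(...) call below the SitemapConfigurable loop makes the call order significant, but nothing at the new position says so. Add a short comment above the moved call stating that the sitemap configuration has to be applied before setup() runs, so a later cleanup does not move it back. The moved call also casts component to RequestLifecycleComponent unconditionally, while the neighbouring Recomposable and SitemapConfigurable steps are guarded by instanceof; if the guard sits outside the visible lines that is fine, otherwise a ClassCastException would be wrapped into the ComponentException in the catch block.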
1.2 +1 -5
xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/authentication-act.xmap
Index: authentication-act.xmap
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/authentication-act.xmap,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- authentication-act.xmap 17 Apr 2002 10:27:51 -0000 1.1
+++ authentication-act.xmap 29 May 2002 13:38:48 -0000 1.2
@@ -4,11 +4,7 @@
unless="action[@name='auth-protect']">
<map:action name="auth-protect"
- src="org.apache.cocoon.webapps.authentication.acting.AuthAction">
- <handlers>
- </handlers>
- </map:action>
-
+ src="org.apache.cocoon.webapps.authentication.acting.AuthAction"/>
<map:action name="auth-login"
src="org.apache.cocoon.webapps.authentication.acting.LoginAction"/>
<map:action name="auth-logout"
1.2 +2 -11
xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/acting/AuthAction.java
Index: AuthAction.java
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/acting/AuthAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- AuthAction.java 17 Apr 2002 10:04:52 -0000 1.1
+++ AuthAction.java 29 May 2002 13:38:48 -0000 1.2
@@ -52,9 +52,6 @@
import java.util.Map;
import java.util.HashMap;
-import org.apache.avalon.framework.configuration.Configurable;
-import org.apache.avalon.framework.configuration.Configuration;
-import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.avalon.framework.parameters.Parameters;
import org.apache.avalon.framework.thread.ThreadSafe;
import org.apache.cocoon.acting.ComposerAction;
@@ -75,11 +72,11 @@
* using a handler. If not a redirect takes place.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Carsten Ziegeler</a>
- * @version CVS $Id: AuthAction.java,v 1.1 2002/04/17 10:04:52 cziegeler Exp $
+ * @version CVS $Id: AuthAction.java,v 1.2 2002/05/29 13:38:48 cziegeler Exp $
*/
public final class AuthAction
extends ComposerAction
-implements ThreadSafe, Configurable {
+implements ThreadSafe {
public Map act(Redirector redirector,
SourceResolver resolver,
@@ -136,12 +133,6 @@
this.getLogger().debug("END act map="+map);
}
return map;
- }
-
- public void configure(Configuration configuration)
- throws ConfigurationException {
- // pass the configuration on to the authManager component
- AuthenticationManager.setConfiguration(configuration);
}
}
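Review bot: With configure() removed and Configurable dropped from the implements clause, a sitemap that still nests a handlers block inside the auth-protect action declaration is no longer read by this class, and nothing in this change reports that. Because this configuration decides which documents are protected, consider logging a warning or failing at startup when the action is declared with child configuration, and add a migration sentence to the authentication.xml change in this commit.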
1.6 +2 -5
xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/components/AuthenticationManager.java
Index: AuthenticationManager.java
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/java/org/apache/cocoon/webapps/authentication/components/AuthenticationManager.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- AuthenticationManager.java 29 May 2002 12:50:21 -0000 1.5
+++ AuthenticationManager.java 29 May 2002 13:38:48 -0000 1.6
@@ -98,7 +98,7 @@
* This is the basis authentication component.
*
* @author <a href="mailto:[EMAIL PROTECTED]">Carsten Ziegeler</a>
- * @version CVS $Id: AuthenticationManager.java,v 1.5 2002/05/29 12:50:21 cziegeler
Exp $
+ * @version CVS $Id: AuthenticationManager.java,v 1.6 2002/05/29 13:38:48 cziegeler
Exp $
*/
public final class AuthenticationManager
extends AbstractSessionComponent
@@ -167,9 +167,6 @@
* instance
*/
private static Configuration authenticationConfiguration;
- public static void setConfiguration(Configuration configuration) {
- authenticationConfiguration = configuration;
- }
/**
* Recyclable
@@ -188,7 +185,7 @@
*/
public void setSitemapConfiguration(Configuration config)
throws ConfigurationException {
- System.out.println("Got config: " + config);
+ authenticationConfiguration = config;
}
/**
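Review bot: setSitemapConfiguration() is an instance method but now assigns the private static authenticationConfiguration field, so each call replaces the configuration seen by every other instance, without synchronization and without a null check. If the method can be called with a different or empty configuration, for example from a sitemap that has no AuthenticationManager block, the handlers defined elsewhere would be replaced for the whole application. Either make the field an instance field, or guard the assignment (ignore null, synchronize the write) and document in the Javadoc why the configuration is shared.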
1.60 +7 -0 xml-cocoon2/src/webapp/sitemap.xmap
Index: sitemap.xmap
===================================================================
RCS file: /home/cvs/xml-cocoon2/src/webapp/sitemap.xmap,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- sitemap.xmap 29 May 2002 08:20:26 -0000 1.59
+++ sitemap.xmap 29 May 2002 13:38:49 -0000 1.60
@@ -459,6 +459,13 @@
-->
<map:pipelines>
+ <map:global-parameters>
+ <!-- Define global parameters here -->
+ </map:global-parameters>
+ <map:component-configurations>
+ <!-- Define component configuration here -->
+ </map:component-configurations>
+
<!-- MyApp - minimal Cocoon Application Mount -->
<map:pipeline>
<map:match pattern="myapp/**">
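Review bot: The placeholder comment "Define component configuration here" in the new map:component-configurations block does not say what is expected inside it. Since this block is now where the authentication handlers are read from, add a commented-out org.apache.cocoon.webapps.authentication.components.AuthenticationManager / handlers skeleton or a pointer to the authentication documentation, so an empty block is not mistaken for a working setup.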
1.3 +8 -4 xml-cocoon2/src/webapp/sunspotdemo/portaldemo-act.xpipe
Index: portaldemo-act.xpipe
===================================================================
RCS file: /home/cvs/xml-cocoon2/src/webapp/sunspotdemo/portaldemo-act.xpipe,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- portaldemo-act.xpipe 22 May 2002 13:45:13 -0000 1.2
+++ portaldemo-act.xpipe 29 May 2002 13:38:49 -0000 1.3
@@ -1,9 +1,11 @@
<?xml version="1.0"?>
-<xpipe xpath="/sitemap/components/actions/action[@name='auth-protect']/handlers"
- unless="handler[@name='sunspotdemohandler']">
+<xpipe xpath="/sitemap/pipelines/component-configurations"
+
unless="org.apache.cocoon.webapps.authentication.components.AuthenticationManager">
- <handler name="sunspotdemohandler"
xmlns:map="http://apache.org/cocoon/sitemap/1.0"
xmlns:sunshine="http://sunshine.sundn.de/sunshine/1.0">
+ <org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
+ <handlers>
+ <handler name="sunspotdemohandler">
<redirect-to uri="cocoon://sunspotdemoportal"/>
<authentication
uri="cocoon:raw://sunspotdemoresource-sunrise-authuser"/>
<load-users uri="cocoon:raw://sunspotdemoresource-sunrise-loaduser"/>
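Review bot: The unless test on the new xpipe element checks only for the presence of an org.apache.cocoon.webapps.authentication.components.AuthenticationManager element, where the old test checked handler[@name='sunspotdemohandler']. Once any other application has added an AuthenticationManager block to component-configurations, this patch would be skipped and sunspotdemohandler never installed. Keep the test specific to the handler, for example by targeting the handlers element and testing the handler name as before. Also check the xmlns:map and xmlns:sunshine lines: they appear here as unchanged context, but the handler start tag they belonged to is removed and the new handler tag is closed on its own line, which would leave them outside any tag.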
@@ -39,5 +41,7 @@
</configuration>
</application>
</applications>
- </handler>
+ </handler>
+ </handlers>
+ </org.apache.cocoon.webapps.authentication.components.AuthenticationManager>
</xpipe>