Hello Matthew,
Let me start my commending U on the well written article, however I have
some questions ........
I have played around with the sunshine basic authentication and it works
, however my requirements are the following..
Please advise whether this can be achieved with the current architecture
or should I forego using sunRise
Following is the pipeline fragment
<map:match pattern="protected/**">
<map:act type="sunRise-auth">
<map:parameter name="handler" value="foo-handler"/>
</map:act>
<map:generate type="serverpages " src ="docs/xsp/{1}" />
<map:transform src="stylesheets/html/mainhtml.xsl" />
<map:serialize />
</map:match>
The requirement is that any pattern with URI protected/* should be
authenticated.
Let me explain what would happen
1. For the first access to the protected/* resource
2. The sunrise Auth action redirects the request to the login page
3. The pipeline for login page will throw an html page that calls the
pipeline foo-login.
a. If the login is successful that it gets redirected to foo-protected
b. If failure it executes the pipeline fragment defined outside the
action sunRise-login
Question:
For first time access, How does foo-authUser gets called at all?
If the access for the protected is not the first time
1. The uri for authentication is invoked .In this case foo-authuser. If
there is a validation against database, for each access
There is database access (Am I right).
2. If there is a failure in authuser (for eg: password changed somehow
or user was made inactive in database), what will happen.
If the access to the protected/* had some request parameters for eg:
/protected/testXSP?param=a¶m2=b
Since there is a URL post to the login page, wouldn't the request be
re-written and all the parameters get lost and when the user is
redirected to the original url
The request object is not the original one.
In the context of the above example
1. User requests the URL /protected/testXSP?param1=a¶m2=b
2. Let us assume that this is the first access. The user is redirected
to the login page.
3. User enters user id and password and this presses submit button.
4. The user gets authenticated and gets re-directed to the original
resource /protected/testXSP. How will I get the original request
patameters param1 & param2.
Since the user was redirected many times the request object is not the
original one.
In my view,
sunshine authentication should only be used for login and not
for page level authentication as user may loose the request parameters.
(I hope I am wrong)
Also in the tutorial
(http://www.need-a-cake.com/stories/2002/02/28/usingTheSunriseComponents
.html ), there is a mention about how to ensure that the user get
re-directed to the original requested resource.
Should the sunrise Action be modified (by code) to achieve this or is it
possible with configuration. (How do I pass the resource parameter from
pipeline fragment to the sunrise Action) ? Can anyone describe the
setup, if one has achieved this
Sorry for the length mail, I hope I've stated my case...
Regds,
Chiths
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faqs.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
