Hi folks, I'm looking for some ideas/suggestions, how I might integrate cocoon better with Apache's basic authentication system or the other way around.
I'm running a departmental website and have recently revamped the layout using cocoon. I've plugged cocoon into apache via mod_jk and for any incoming requests I'm using a split approach in that the view is created by cocoon and most of the static data like Word documents, images etc. are delivered directly through apache. This also allowed to keep the existing basic authentication/authorization from apache for those documents, which I wanted to secure. Now, historically my user/role database is in a Berkely DB file. Then later, when nearly everybody was using PC's connected to a Windows domain, I plugged a mod_auth_samba module into apache. This allowed me to additionally authenticate a user against the Windows domain controller (with a little local DB file for groups/roles). Now, this still works for simple servlets. But it does not work any longer with cocoon since cocoon internally basically works with the pathinfo, which comes after the initial /cocoon in the URL. So I guess, the best I could do, would be to put a .htaccess file into the base webapps/cocoon directory and secure the whole cocoon system, which is not quite, what I want. Now, I know, that cocoon also has a authentication/authorization system (Carsten Zieglers work). I'm now looking for an idea, how I can connect apache with cocoon in terms of authentication and authorization. - Should cocoon redirect to a apache page, which in turn feeds the results of the basic authentication back into cocoon? What would I need to know to do this? - Should I use cocoon for authentication and use the information in the cookie and use the Apache::AuthCookie for the rest of the apache/mod_perl system. Or the other way around? Start with a basic authenticated page, stuff the required info into a cookie and use Apache::AuthCookie for the rest of the apache system and somehow also use the info from the cookie in the cocoon pipelines. I guess, this would mean, I would have to fiddle with JAAS to connect to the Windows domain controller (I tried to make sense from the JAAS documentation, but haven't yet really succeded). I just don't like to introduce another authentication system into my setup. Either switch completely to something new or integrate into the existing setup. I appretiate any thoughts/suggestions you might have. Thank's. -- MfG/Regards Frank Ridderbusch Since I have taken all the Gates out of my computer, it finally works!! --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
