Re: Authentication framework sample and Mozilla...

[jin wu]

hi oliver,
i have the similar but worse problem than you. Using Netscape 4.78 or IE 
6.0, the protected resource is protected well during the first time 
login-access-logout-deny process, however, after i tried the same process 
the second time, the protected resource is still accessable after i logout. 
the environment i am using is:
+-------------------------------------------------------+
|win2000                                                |
|cocoon 2.0.4 (bin file with cocoon-scratchpad.jar)     |
|Tomcat 4.1.18                                          |
|java 1.3.06                                            |
+-------------------------------------------------------+

And here is part of my sitemap:

......
  <map:action name="sunRise-auth" 
src="org.apache.cocoon.sunshine.sunrise.acting.AuthAction">
      <handlers>
<handler name="foo-handler" xmlns:map="http://apache.org/cocoon/sitemap/1.0"; 
xmlns:sunshine="http://sunshine.sundn.de/sunshine/1.0";>
           <redirect-to uri="cocoon://foo-loginpage"/>
           <authentication uri="cocoon:raw://foo-authuser"/>
        </handler>

......

<!-- =============== AUTHENTICATE Sample =========================== -->
<map:pipeline>
     <map:match pattern="foo-loginpage">
       <map:generate src="samples/foo/loginpage.xml"/>
       <map:transform src="samples/foo/loginpage.xsl" />
       <map:transform type="encodeURL" />
       <map:serialize />
     </map:match>
     <map:match pattern="foo-login">
       <map:act type="sunRise-login">
         <map:parameter name="handler" value="foo-handler"/>
         <map:parameter name="parameter_name" value="request:name"/>
         <map:parameter name="parameter_password" 
value="request:password"/>
         <!-- If the authentication is successfull then this redirect will 
be performed -->
         <map:redirect-to uri="foo-protected"/>
       </map:act>
       <!-- authentication failed: -->
       <map:generate src="samples/foo/login-failed.xml"/>
       <map:transform src="stylesheets/simple-xml2html.xsl"/>
      <map:serialize/>
    </map:match>
    <map:match pattern="foo-logout">
      <map:act type="sunRise-auth">
         <map:parameter name="handler" value="foo-handler"/>
         <map:act type="sunRise-logout"/>
      </map:act>
    </map:match>
    <map:match pattern="foo-authuser">
          <map:generate src="samples/foo/foo-user.xml"/>
          <map:transform src="samples/foo/foo-user.xsl">
             <map:parameter name="use-request-parameters" value="true" />
          </map:transform>
          <map:serialize type ="xml"/>
    </map:match>
    <map:match pattern="foo-protected">
         <map:act type="sunRise-auth">
             <map:parameter name="handler" value="foo-handler"/>
             <map:generate src="samples/foo/foo-resource.xml"/>
         </map:act>
         <map:transform src = "stylesheets/simple-xml2html.xsl"/>
         <map:serialize/>
    </map:match>
</map:pipeline>
<!-- =============== End Of AUTH Sample ============================ -->

......

Hope we could find out the problem or solution.

brdgs,
j.w




From: "Olivier Billard" <[EMAIL PROTECTED]>
Reply-To: "Olivier Billard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, "Olivier Billard" <[EMAIL PROTECTED]>
Subject: Re: Authentication framework sample and Mozilla...
Date: Wed, 2 Apr 2003 11:24:52 +0200
Even if the cache is set to 0 Ko !
This case doesn't appened in Netscape with the same configuration...
But I suppose other protected pages not in memory cache will send the user
to the login page...
But would it be better (if not done, but in this case I don't understand) 
to
set expiration date to now in all protected pages ?

Sorry if it is a dumb question... ! :)

----- Original Message -----
From: "Olivier Billard" <[EMAIL PROTECTED]>
To: "Cocoon Users" <[EMAIL PROTECTED]>
Sent: Wednesday, April 02, 2003 11:07 AM
Subject: Authentication framework sample and Mozilla...
> Hi all cocooners !
>
> I'm working on using the authentication framework, base on the
> authentication sample, in the Cocoon 2.1 CVS from yesterday.
> I made :
> build clean
> build webapp
> cocoon servlet
>
> With an ooold Netscape (4.78) and IE 6, all works fine : protected area
> access is first denied, and then accepted after logged in, finally 
denied
> when logged out.
> But with Mozilla, when cache option are set to "Never compare with the
> cache" (and cache deleted) the protected area is still accessible, even 
if
I
> logged out...
>
> Is this a bug from Mozilla or Cocoon ?
> This "hole" is pretty disturbing...
>
> Thanks
> --
> Olivier
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=features/junkmail

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]