Hi Jin ! I use the cocoon 2.1dev. I think you should try it to check if some bug was fix between our 2 versions by testing the 2.1 dev with your config. If I'm not wrong, the authentication framework was split from the sunRise portal in the 2.1dev.... with maybe some fixes.
I can't reproduce the problem you describe with my config : win2K, "cocoon servlet" (jetty) 2.1dev, java 1.4.1_01. In both IE 6 and Netscape 4.78 Good luck and write back for results ! Regards -- Olivier From: "jin wu" <[EMAIL PROTECTED]> > hi oliver, > i have the similar but worse problem than you. Using Netscape 4.78 or IE > 6.0, the protected resource is protected well during the first time > login-access-logout-deny process, however, after i tried the same process > the second time, the protected resource is still accessable after i logout. > the environment i am using is: > +-------------------------------------------------------+ > |win2000 | > |cocoon 2.0.4 (bin file with cocoon-scratchpad.jar) | > |Tomcat 4.1.18 | > |java 1.3.06 | > +-------------------------------------------------------+ > > And here is part of my sitemap: > > ...... > <map:action name="sunRise-auth" > src="org.apache.cocoon.sunshine.sunrise.acting.AuthAction"> > <handlers> > <handler name="foo-handler" xmlns:map="http://apache.org/cocoon/sitemap/1.0"; > xmlns:sunshine="http://sunshine.sundn.de/sunshine/1.0";> > <redirect-to uri="cocoon://foo-loginpage"/> > <authentication uri="cocoon:raw://foo-authuser"/> > </handler> > > ...... > > <!-- =============== AUTHENTICATE Sample =========================== --> > <map:pipeline> > <map:match pattern="foo-loginpage"> > <map:generate src="samples/foo/loginpage.xml"/> > <map:transform src="samples/foo/loginpage.xsl" /> > <map:transform type="encodeURL" /> > <map:serialize /> > </map:match> > <map:match pattern="foo-login"> > <map:act type="sunRise-login"> > <map:parameter name="handler" value="foo-handler"/> > <map:parameter name="parameter_name" value="request:name"/> > <map:parameter name="parameter_password" > value="request:password"/> > <!-- If the authentication is successfull then this redirect will > be performed --> > <map:redirect-to uri="foo-protected"/> > </map:act> > <!-- authentication failed: --> > <map:generate src="samples/foo/login-failed.xml"/> > <map:transform src="stylesheets/simple-xml2html.xsl"/> > <map:serialize/> > </map:match> > <map:match pattern="foo-logout"> > <map:act type="sunRise-auth"> > <map:parameter name="handler" value="foo-handler"/> > <map:act type="sunRise-logout"/> > </map:act> > </map:match> > <map:match pattern="foo-authuser"> > <map:generate src="samples/foo/foo-user.xml"/> > <map:transform src="samples/foo/foo-user.xsl"> > <map:parameter name="use-request-parameters" value="true" /> > </map:transform> > <map:serialize type ="xml"/> > </map:match> > <map:match pattern="foo-protected"> > <map:act type="sunRise-auth"> > <map:parameter name="handler" value="foo-handler"/> > <map:generate src="samples/foo/foo-resource.xml"/> > </map:act> > <map:transform src = "stylesheets/simple-xml2html.xsl"/> > <map:serialize/> > </map:match> > </map:pipeline> > <!-- =============== End Of AUTH Sample ============================ --> > > ...... > > Hope we could find out the problem or solution. > > brdgs, > j.w > > > > > > >From: "Olivier Billard" <[EMAIL PROTECTED]> > >Reply-To: "Olivier Billard" <[EMAIL PROTECTED]> > >To: <[EMAIL PROTECTED]>, "Olivier Billard" <[EMAIL PROTECTED]> > >Subject: Re: Authentication framework sample and Mozilla... > >Date: Wed, 2 Apr 2003 11:24:52 +0200 > > > >Even if the cache is set to 0 Ko ! > >This case doesn't appened in Netscape with the same configuration... > > > >But I suppose other protected pages not in memory cache will send the user > >to the login page... > >But would it be better (if not done, but in this case I don't understand) > >to > >set expiration date to now in all protected pages ? > > > >Sorry if it is a dumb question... ! :) > > > > > >----- Original Message ----- > >From: "Olivier Billard" <[EMAIL PROTECTED]> > >To: "Cocoon Users" <[EMAIL PROTECTED]> > >Sent: Wednesday, April 02, 2003 11:07 AM > >Subject: Authentication framework sample and Mozilla... > > > > > > > Hi all cocooners ! > > > > > > I'm working on using the authentication framework, base on the > > > authentication sample, in the Cocoon 2.1 CVS from yesterday. > > > I made : > > > build clean > > > build webapp > > > cocoon servlet > > > > > > With an ooold Netscape (4.78) and IE 6, all works fine : protected area > > > access is first denied, and then accepted after logged in, finally > >denied > > > when logged out. > > > But with Mozilla, when cache option are set to "Never compare with the > > > cache" (and cache deleted) the protected area is still accessible, even > >if > >I > > > logged out... > > > > > > Is this a bug from Mozilla or Cocoon ? > > > This "hole" is pretty disturbing... > > > > > > Thanks > > > -- > > > Olivier > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > >--------------------------------------------------------------------- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > _________________________________________________________________ > STOP MORE SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
