Upayavira wrote:Ah. I hadn't used the auth-protect code, cos I couldn't understand what it was for. I'll look into that and get back to you.
I have committed a partly working auth-fw/flow sample. I think it is basically there, but I am gettting stuck with:
SessionManager.streamContextFragment: Context 'authentication' not found.
I've never used the session manager (nor sessions for that matter), so I'm a bit out of my depth. Could one of you take a look and see if you can see how to make it work?
[The one thing I can spot is that cocoon.redirectTo(uri) in FOM_Cocoon sets the 'session' value to false, so there appears to be no way to do a session aware redirect from flow].
I haven't looked at your code/sample yet, but I can try to explain some parts: after a successful authentication, the authentication context is stored in the session; so if you have a redirect (or a link) that does not preserve the session than the user is not authenticated any more and that could lead to the message from above.
In addition, to get information from the authentication context, you have usually to tell the authentication framework which handler to use. This is done by the auth-protect action. As long as this action hasn't been activated in the current request, the context is not available. You need a similar thing in flow as well.
Perhaps I have time to look at your example over the weekend.Leave it to me for now and I'll get back to you if I have problems (that way you'll only have 5999 messages to worry about).
Regards, Upayavira
