Re: Authenticating pipelines called from a cron job

Wed, 09 May 2007 06:49:49 -0700 

Is the Cron Job and the Pipeline handled by the same Cocoon instance?
How are you calling your pipeline? Are you calling it using HttpClient or are you using internal methods? 


If you are calling a pipeline on the same system ... make your CronJob 
implement Servicable and use the ServiceManager to process an internal 
pipeline:


   public Document loadW3CDocument(String uri) {
       JaxpParser parser = null;
       CocoonComponentManager resolver = null;
       Source source = null;
       try {
           parser = (JaxpParser) manager.lookup(
                   DOMParser.ROLE);

           resolver = (CocoonComponentManager) 
manager.lookup(SourceResolver.ROLE);

           source = resolver.resolveURI(uri);
           if (source.getClass().getName().equals(

                   
"org.apache.cocoon.components.source.impl.SitemapSource") == false) {
               throw new 
ServiceException(CargoCapacityDatabaseComponent.class

                       .getName(), uri);
           }
           InputSource is = new InputSource(source.getInputStream());
           is.setSystemId(source.getURI());
           return parser.parseDocument(is);
       } catch (Exception e) {
       } finally {
           if (source != null)
               resolver.release(source);
           manager.release(parser);
           manager.release(resolver);
       }
       return null;
   }


That's the way I'm doing exactly the thing you are trying to do (under 
the assumption it's in the same Cocoon Instance)


Hope it helps,
   Chris




Sanket Pattekar schrieb:

Thanks for the reply...

As Ard pointed out I need to have an external pipleine for the cron.

In our environment, we have internet and intranet URLs that are
accessible. I can put a check that would only allow the pipeline to be
executed from intranet, but that is not what I need.

I need to check(in the cron pipeline) that it is being executed by the
CRON JOB and not by any external user request. This is the only way I
can prevent unauthorized access to the cron pipeline.

Thanks
Sanket


On 5/9/07, Ard Schrijvers <[EMAIL PROTECTED]> wrote:

Hello,


think I kind of know the setup of Sanket: he needs an external 
pipeline, because a host needs to be matched.



@Sanket: you might add a "non-external-existing" host in your 
sites.xconf, and use external pipeline. From the outside, nobody will 
be able to run this one, right. Or, you do have a normal external 
pipeline, but you add the port number your cocoon instance is running 
under, and you make sure this request cannot be done from "outside"


Ard

>
> Hi Sanket,
>
> do I understand you correct. You want your cronjob to execute an
> external pipeline on the same cocoon instance the cron job is
> runing and
> want to prevent external users from accessing the same pipeline
> manually? Why not use an internal pipeline instead? You could
> create an
> internal pipeline and har code authentication in this pipeline
>
>             <map:pipeline internal-only="true">
>                  <map:match pattern="some-cron-pipeline">
>                     <map:act type="auth-login">
>                        <map:parameter name="handler"
> value="authhandler"/>
>                        <map:parameter name="parameter_username"
> value="{request-param:username}"/>
>                        <map:parameter name="parameter_password"
> value="{request-param:password}"/>
>                        <map:parameter name="session-timeout"
> value="540"/>
>                        <map:act type="auth-protect">
>                            <map:parameter name="handler"
> value="authhandler"/>
>                            <map:generate/>
>                            <map:transform/>
>                             <map:serialize/>
>                        </map:act>
>                     </map:act>
>                 </map:match>
>
> Havent tested this thogh ...my CronJobs don't need
> authentication since
> they are internal pipelines and I allways know who I am ;)
>
> Chris
>
> Sanket Pattekar schrieb:
> > Hi,
> >
> > I am using a cron job that fires daily, which call the pipeline as
> > follows
> >
> > <component
> > class="org.apache.cocoon.components.cron.CocoonPipelineCronJob"
> > logger="core"
> > role="org.apache.cocoon.components.cron.CronJob/pipeline-daily">
> >     <pipeline>some-external-pipeline</pipeline>
> >    </component>
> >
> > The above cron job uses an extaernal pipeline, it can also
> be accessed
> > by the external user. I want to prevent the same, and some
> > authentication, so that this pipeline is only executed when called
> > from a cron job and not explicitly.
> >
> > Is there any I can check the same.
> >
> > Sanket
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to