On 7/23/2012 12:37 PM, Lars Huttar wrote:
> Hi all,
>
> I'm trying to get authentication working in Cocoon 2.1.11. Everything
> that I've been able to examine is working correctly, but instead of
> letting certain people in, it just keeps everybody out (and shows the
> redirect-to page).
>
> Here's my handler configuration:
>
> <authentication-manager>
> <handlers>
> <handler name="ethnopubhandler">
> <redirect-to
> uri="cocoon://mount/ethnologue-17-pub/forbidden.html"/>
> <!-- <redirect-to
> uri="cocoon:/../../../../forbidden.html"/> works, but depends on how
> deep current URL is. -->
> <authentication
> uri="cocoon:raw://mount/ethnologue-17-pub/authorize"/>
> </handler>
> </handlers>
> </authentication-manager>
>
> This is in a subsitemap that's in the subfolder mount/ethnologue-17-pub/
> under the main Cocoon sitemap.
>
> The authorize pipeline, in the same sitemap, is defined as:
>
> <map:match pattern="authorize">
> <map:generate src="process/access-list.xml" />
> <map:transform src="process/authorize.xsl" type="xslt-saxon">
> <map:parameter name="username"
> value="{request-header:osso_user_dn}" />
> </map:transform>
> <map:serialize type="xml-utf8" />
> </map:match>
>
> This part works fine: if I go to "/authorize" in a browser, I get this
> XML response:
>
> <?xml version="1.0"
> encoding="UTF-8"?><authentication><ID>lars_huttar</ID><role>...</role></authentication>
>
> According to this page:
> http://cocoon.apache.org/2.1/developing/webapps/authentication/authenticating_user.html
> the XML response just has to include the <authentication> and <ID>
> elements to indicate successful authentication. Which it does.
>
> But if I go to a URL that's protected by that authentication handler,
> such as
>
> <map:match pattern="dataset/*/*/*/source">
> <map:act type="auth-protect">
> <map:parameter name="handler" value="ethnopubhandler"
> />
> <map:generate src="datasets/query/{1}.xml"/>
> <map:serialize type="xml"/>
> </map:act>
> </map:match>
>
> I get the "forbidden.html" page.
>
> How can I trace what's going wrong?
>
> Thanks,
> Lars
>
>
P.S.
The code in authentication/components/PipelineAuthenticator.java has
debug logging output like
if (this.getLogger().isDebugEnabled()) {
this.getLogger().debug("END isValidAuthenticationFragment
valid=" + isValid);
}
and I have this in my WEB-INF\logkit.xconf:
<category log-level="DEBUG" name="core.authentication-manager">
<log-target id-ref="main" />
</category>
So I would have expected debug logging to be enabled.
But I don't see the above debug log message or anything like it in the
WEB-INF\logs\*.log files.
I also tried turning on global debug logging:
<category log-level="DEBUG" name="">
<log-target id-ref="main"/>
</category>
Of course I got loads of output. But nothing like "END
isValidAuthenticationFragment valid=". What am I doing wrong?
Another angle: in the deprecation.log, I get
WARN (2012-07-23) 16:22.48:459 [deprecation]
(/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
catalina-exec-5/Deprecation.LoggerWrapper: The authentication-fw block
is deprecated. Please use the auth block instead.
Ah, I say, there is something new to replace the authentication
framework I'm using!
But in the samples/blocks folder, there is "authentication-fw" but no
"auth" block. Where do I find "auth"?
Thanks for any help.
Lars
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
