cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Giacomo Pati <pati_giac...@yahoo.com>
Subject Re: sitemap draft still needs work in the matcher/chooser area
Date Mon, 19 Jun 2000 08:29:58 GMT

--- Donald Ball <balld@webslingerZ.com> wrote:
> On Sun, 18 Jun 2000, Giacomo Pati wrote:
> 
> > > 1. where should do site or directory-specific configuration of components?
> > > take the AuthenticationMatcher, for instance. An obvious implementation
> > > would be the FileAuthenticationMatcher. How do I know where to look for
> > > the file? The only place in the current sitemap draft where I'm allowed to
> > > configure matchers in in the declaration of components block - but suppose
> > > I want to have different files for different directories?
> > 
> > I thought we agreed _not_ to authenticate ourselfs! We leave it to the
> > servlet engine/web server. So please don't write a
> > FileAuthenticationMatcher, write a FileAuthorisationMatcher instead!
> 
> well...
> 
> a. it's just an example. substitute IPAddressMatcher instead - the problem
> remains - how do I configure the matcher to work differently in different
> places?

Ok, sorry :)

> 
> b. i think there's a place for user authentication inside cocoon,
> especially if we're going to be carving out a huge chunk of URLspace (not
> just .xml files) and serving it instead of using apache's URL-to-file
> mapping. but if you don't want to use it, don't.

There is no problem having Apache protect _any_ url. Try:

<Location /foobar/baz/>
  AuthName "My Secret URI"
  AuthType Basic
  AuthUserFile "/usr/local/httpd/secrets/pwfile"
  <Limit GET POST PUT>
    require valid-user
  </Limit>
</Location>

and try to access http://localhost/foobar/baz/no_file_exists

> 
> c. what do you see as the difference between a FileAuthenticationMatcher
> and FileAuthorisationMatcher?

Glossary reason. 

Authentication -> prove me that you are who you are 
Authorisation  -> if you are donald I let you access foobar.baz

Giacomo


=====
--
PWR GmbH, Organisation & Entwicklung      Tel:   +41 (0)1 856 2202
Giacomo Pati, CTO/CEO                     Fax:   +41 (0)1 856 2201
Hintereichenstrasse 7                     Mailto:Giacomo.Pati@pwr.ch
CH-8166 Niederweningen                    Web:   http://www.pwr.ch

__________________________________________________
Do You Yahoo!?
Send instant messages with Yahoo! Messenger.
http://im.yahoo.com/

Mime
View raw message