cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vadim Gritsenko" <vadim.gritse...@verizon.net>
Subject RE: [RT] Access Control (was [RT] Cocoon as OS)
Date Thu, 07 Feb 2002 20:26:02 GMT
> From: Greg Weinger [mailto:gweinger@itmedicine.net]
> 
> <snip/>
> 
> > > But the servlet spec doesn't allow a servlet to set the user
> > > credentials in the container.
> >
> > It will be set for you by the container.
> >
> > Servlet spec 2.3, SRV.12.5.3 Form Based Authentication:
> >   4. The container attempts to authenticate the user
> >   using the information from the form.
> >
> > If you want to do this by yourself, then yes, it is not specified in
> > the spec how to do this.
> 
> I always handle this by myself, because of design requirements.  What
> are other people's experiences?

Design requirements??? The form is 100% under your control.


> > But spec implementations usually provide you with
> > the (non-statndard) way to handle this correctly (i.e. it will
> > propagate
> > Principal you provided into the container). I remember some examples
> > from the Bea WebLogic server.
> >
> 
> And IHMO this sucks, because it's container-specific.  I would like an
> abstraction for it within Cocoon as well, or at least a standard way
of
> handling it.

Any Cocoon level abstraction will be unportable and non-cooperative in
terms of integration with servlet, EJB containers and J2EE platform as a
whole.


> > Not good; This would not be propagated to the other environments,
say,
> > into an EJB. Not to say that this is against any standards Java has.
> > And, same could be done using session:
> >
> >    public Principal getUserPrincipal() {
> >      if (session.getAttribute("userPrincipal") == null) {
> >        return request.userPrincipal;
> >      } else {
> >        return session.getAttribute("userPrincipal");
> >      }
> >    }
> 
> That's what I was thinking; I like the idea of having "reserved"
Session
> or Request attributes that hold that the user information.

You are free to use this. Just put together couple of lines as a Cocoon
action or XSP or etc. But take into account point above: it won't work
with EJBs/other servlets/etc.

Vadim



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message