cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <cziege...@s-und-n.de>
Subject RE: Release early? (was: Roadmap Executive Plan)
Date Tue, 12 Mar 2002 11:47:56 GMT
> Sylvain Wallez wrote:
> <snip>
> >
> >>A question about sunRise : is it possible to use standard HTTP
> >>authentication and authorization ? AFAICS, it seems to be very tied to
> >>form-based and application-managed authentication.
> >>
> >
> >You can use any information you can reach from within the Java code.
> >I'm not sure if there is a change to get the HTTP authentication infos.
> >If yes, you can use sunRise.
> >
> The problem comes from the login page. With HTTP authentication, you
> don't have a dedicated login page, and thus cannot use this one to
> handle authentication. Or did I miss something ?
>

Hm, correct me if I'm wrong as we never used HTTP authentication with
sunRise.
If a user requests a URI from the web server which is protected, the web
server
(or the browser) prompts for the authentication information. Only if the
user is authenticated this request is forwarded to the servlet engine.
Is this correct?

If this is so, the servlet engine can - without using a form - use the
sunRise-login
action, get the information from the web server (if possible) and log the
user
into sunRise.

Does this make sense?

Carsten


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message