cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Mazzocchi <>
Subject Re: Flow and the authentication framework
Date Tue, 12 Aug 2003 08:33:23 GMT

On Monday, Aug 11, 2003, at 19:26 Europe/Rome, Upayavira wrote:

> On 11 Aug 2003 at 19:10, Reinhard Pötz wrote:
>> From: Steve Krulewitz
>>> [I posted this earlier on the user list, but it might be more
>>> appropriate here given the new-ness of the flow stuff]
>>> Hey folks --
>>> Total newbie here.  I've been spending the last week getting
>>> up to speed on Cocoon, especially the new flow stuff and how
>>> it impacts the action-based authentication framework.  If
>>> flow essentially deprecates actions in general, what is the
>>> proper way to access the authentication framework from flow?

Very good question. I've been thinking about the very same thing for 
the last month or so.

I have pretty wild ideas on how to do this. Stay tuned for my Sylvain's 
pool random thought mail appearing right after the 2.1 release.

>>> The petstore sample seems to use its own user database, which
>>> would lead me to believe that the current authentication
>>> framework is not intended to be used with flow?

Correct. The auth-framework was not intented to be used with the flow.

>> AFAIK, there hasn't been done any work yet. Personally I haven't used
>> the authentication framework. What I know the authentication framework
>> can protect your pipelines. IMHO this doesn't make sense for flow
>> applications because you work with sendPage(AndWait) and this allows
>> you to send internal-only pipelines and your controller should know if
>> a user is allowed to receive a page or not.
>> But maybe I'm completly wrong here ...
> Interesting points.

The auth framework action should be refactored into a general 
user-managing component and at that point, it could be used both by the 
action and by a flowscript.

>>> More specifically, I'm not really looking to restrict access
>>> to particular pages and pipelines, rather I want the user's
>>> authentication status and
>>> role(s) to affect the page generation.
>> Sorry, can't help you with that.
> You could check out the Linotype block, which does some basic 
> authentication using
> flow.

Yes and it uses a "super simple" java components to do user management. 
I know Turbine has a component that does this already and they were 
talking about avalonizing it.

But stay tuned for more on this subject.

View raw message