cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Howard <coc...@leverageweb.com>
Subject Re: possible future addition
Date Fri, 24 Oct 2003 22:45:00 GMT
Tony Collen wrote:

> hassan abolhassani wrote:
> 
>> Hi all,
>>  
>> I have some concerns and would like to share with you. Sorry if these 
>> has already been discussed or sounds non-sense. Anyway, I will be glad 
>> to hear your voices (I am not in the dev list, so please in case you 
>> post a reply send me a copy too).
>>  
>> 1- I know that Cocoon provides different facilities for Authentication 
>> and protecting pipelines. However, I think it is possible to further 
>> simplify it. Suppose we add an attribute to <map:pipline> for example 
>> 'protected' tag like:
>>  
>> <map:pipeline protected="yes">
>> ...
>> </map:pipeline>
>>  
>> Seeing this and having a global definition of the authentication 
>> configurations as well as the action in case authentication fails, one 
>> may have easier way to add authentication.

You can do the same now essentially with
<map:pipeline>
   <map:match type="xxx">
       ... pipeline as before
   </map:match>
</map:pipeline>

where the wrapping matcher checks your login state.  I wrote a 30 second 
matcher which checks your container managed authentication state 
(against a role, for example) and it works like a charm.  Matchers can 
be nested - we're used to seeing them one per "pipeline" (in the 
Generator-[Transformer]*-Serializer sense) but they work great in this 
case as well.

> This is very interesting.  IMO one thing that I'd like to see is a quick 
> and easy way of protecting a URL using something similar to using an 
> .htaccess file and using basic HTTP authentication. Unfortuantely I 
> think this would be the role of the servlet container, and I don't know 
> if this would work any way with the CLI.

Again, a matcher to do that would be pretty simple.  You could even 
probably use a 401 error code to force basic authentication without 
configuring it in web.xml.

Geoff


Mime
View raw message