cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Lunjov <>
Subject Advise needed - how to handle externally defined session ID & authentication (2.1.4)
Date Mon, 01 Mar 2004 09:11:27 GMT
I am new to "cocoon internals" and I really need some starting points at 
least - please help.

I am making a kind of web-service(not standard) that works as a part of 
corporate portal - provides dynamic content. Unfortunately most of the 
things are out of my control - I can't get normal servlet session & etc.

So I am given with session ID and some basic session info in request 
parameters by portal front-end. Logins are managed there too - I get 
already authenticated user. Now I need to make this mechanism 
transparent for my Cocoon application:
- make sessions to work needed for continuations and also I need to 
cache additional user information in session.
- authentication is very tricky - user can impersonate himself "to be 
someone else" and I get this info with every request - so I need to 
override auth-fw to ask authentication handler to provide new roles and 
impersonated identity upon every request - not to cache it in session 
since user is logged in as it is now.

I have quite strict design reqs - for guy making concrete pages 
everything shoul look as standard as possible - so I shouth provide 
cocoon session and authentication context. Seems it is doable, but 
please provide me with guidelines if possible - what components should I 


View raw message