cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jos Snellings <>
Subject Re: [c3] auth
Date Sun, 16 Aug 2009 06:04:41 GMT
Hi Reinhard,

Is this a design choice? As I try to read the general idea, Cocoon 3 is
to be minimal and would have only a dependency on the Spring framework.
Somebody considering to build a web application with cocoon that needs
authentication would have to code the page redirection mechanism
Assuming that a JAAS/LDAP component is plugged in via Sping, the logic
For a realm filtered by url characteristics (say 'secure/*.*')
'is there a HttpSession which has a remote user?
yes -> OK, through with processing, based upon role/rights
no  -> send to login page, or 'forbidden' page, whereby the login page
captures authentication tokes from user and feeds that to the
authentication component (which itself is an indepent component.

Not that it is very difficult to code such behaviour for an individual
application, but to enable this from within the sitemap looks perfecly
sound within the cocoon philosophy, thereby avoiding to insert
permission checks into the data access layer.

What do you think?

Kind regards,
Jos Snellings


On Fri, 2009-08-14 at 18:01 +0200, Reinhard Pötz wrote:
> Jos Snellings wrote:
> > Dear, 
> > 
> > In cocoon 3 I do not find back the "auth" mechanism
> > (org.apache.cocoon.auth), which comes in very handy to secure a range of
> > urls.
> > In addition, I could not find the notion of "application".
> > 
> > Will the 'old' construct to build a session hold in cocoon-3?
> > Is the mechanism available in spite of my unability to find it at first
> > glance?
> Hi Jos,
> unfortunately there is no equivalent of the C2-Auth block in Cocoon 3
> available.

View raw message