Return-Path: 
 <docs-return-9903-apmail-cocoon-docs-archive=cocoon.apache.org@cocoon.apache.org>
Delivered-To: apmail-cocoon-docs-archive@www.apache.org
Received: (qmail 15362 invoked from network); 13 Jan 2007 21:20:45 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 13 Jan 2007 21:20:45 -0000
Received: (qmail 38585 invoked by uid 500); 13 Jan 2007 21:20:51 -0000
Delivered-To: apmail-cocoon-docs-archive@cocoon.apache.org
Received: (qmail 38561 invoked by uid 500); 13 Jan 2007 21:20:51 -0000
Mailing-List: contact docs-help@cocoon.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:docs-help@cocoon.apache.org>
list-unsubscribe: <mailto:docs-unsubscribe@cocoon.apache.org>
List-Post: <mailto:docs@cocoon.apache.org>
Reply-To: docs@cocoon.apache.org
List-Id: <docs.cocoon.apache.org>
Delivered-To: mailing list docs@cocoon.apache.org
Received: (qmail 38549 invoked by uid 99); 13 Jan 2007 21:20:51 -0000
X-ASF-Spam-Status: No, hits=-9.4 required=10.0
	tests=ALL_TRUSTED,NO_REAL_NAME
X-Spam-Check-By: apache.org
Received: from [140.211.11.67] (HELO cocoon.zones.apache.org) (140.211.11.67)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 13 Jan 2007 13:20:51 -0800
Message-ID: <21143015.1168723224545.JavaMail.daisy@cocoon.zones.apache.org>
Date: Sat, 13 Jan 2007 21:20:24 +0000 (GMT+00:00)
From: daisy@cocoon.zones.apache.org
To: docs@cocoon.apache.org
Subject: [DAISY] Created: Security Handlers
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

A new document has been created.

http://cocoon.zones.apache.org/daisy/documentation/1317.html

Document ID: 1317
Branch: main
Language: default
Name: Security Handlers
Document Type: Cocoon Document
Created: 1/13/07 9:20:21 PM
Creator (owner): Carsten Ziegeler
State: publish

Parts
=====

Content
-------
Mime type: text/xml
Size: 2481 bytes
Content:
<html>
<body>

<p>One of the main objects of Cocoon Auth is a security handler. This handler is
the component that tries to authenticate a user against a user database. So this
is the connection between your web application and the user database. Cocoon
Auth comes already with some implementations for a security handler, like a
pipeline based one that uses a usual Cocoon pipeline to authenticate a user. So
a security handler is a helper component that you have to write in order to
integrate you database.</p>

<p>You will never directly use a security handler. The handler is tied to your
<a href="applications.html">applications</a> and Cocoon Auth makes use of a
security handler for login and logout operations of users.</p>

<h2>Configuration</h2>

<p>Before you can use a security handler, you have to tell Cocoon Auth about it.
Technically, a security handler is a singleton component, so the configuration
of a handler takes place in the bean configurations</p>

<p>Let's have a look at a simple security handler configuration:</p>

<pre>
&lt;bean name="org.apache.cocoon.auth.SecurityHandler/shop-handler"
           class="org.apache.cocoon.auth"
  scope="singleton"&gt;
    ... Configuration for the handler - if required
&lt;/bean&gt;        
      </pre>

<p>In the example above, a new security handler is configured. Each handler must
have a unique name that is used as a reference to this handler. This uniqued
identifier is defined in the name attribute. The name has to start with the
prefix "org.apache.cocoon.auth.SecurityHandler/" follow by the name of the
handler. Technically, a handler is a Java class (conforming to a specific
interface). The class attribute in the configuration specifies this class. A
single instance of this class is created and used in the application to
authenticate a user.</p>

<h2>Anonymous Security Handler</h2>

<p>There are situations where you might want to use the notion of an
application, but don't have the need to identify single users. In this case you
can simply use the anonymous security handler of Cocoon Auth that automatically
creates a new user object without the requirement of having a user database.
</p>

<p>The application will not have a login form and the user is logged into the
application as soon as he invokes the first page of the application.</p>

<p>Using the anonymous security handler is easy: just omit the security handler
configuration on your application configuration!</p>

</body>
</html>

Collections
===========
The document belongs to the following collections: cdocs-auth