Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm
Date: Tue, 30 Jan 2001 22:38:57 -0500 (EST)
From: Donald Ball <balld@webslingerZ.com>
To: <cocoon-users@xml.apache.org>
Subject: Re: util:include-uri authentication (+cookies & form data)
In-Reply-To: <a05010404b69d1837e631@[10.0.1.50]>
Message-ID: <Pine.LNX.4.30.0101302227120.1373-100000@localhost.localdomain>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 31 Jan 2001, Jesse Reynolds wrote:

> At 3:00 AM -0500 30/1/01, Donald Ball wrote:
> >On Tue, 30 Jan 2001, Jesse Reynolds wrote:
> >
> >>  Mika (or anyone else) Did you get this working?
> >>
> >>  As well as basic authentication, I also need util:include-uri (or
> >>  something else) to send cookies and form data...
> >
> >basic authentication you can possibly do by including the auth parameters
> >in the url:
> >
> >http://username:password@example.com/protected/resource
> >
> >otherwise you can mess around with the URL class methods for doing
> >authentication, it's not hard if i recall aright.
>
> Donald, where might I find documentation of the "URL class methods"?
> Or where would I find the source code for this? (Which file in the
> src)

http://java.sun.com/j2se/1.3/docs/api/java/net/package-summary.html

> >you can manipulate cookies for the current connection using cookie
> >logicsheet, though i think its design leaves something to be desired.
> >however, i don't know any way to attach cookies to the java.net http
> >client that's used by the util logicsheet. form data, that is to say
> >request parameters, you can tack onto the url:
> >
> >http://username:password@example.com/protected/resource?foo=bar&bar=bat
> >
> >via the get method. post method would be trickier, i'm not aware of
> >anything in the servlet or JDK API's to generate post requests - but using
> >a post here would be wrong anyway.
>
> I need to do POST. Why do you think it would be wrong?

POSTs are supposed to make changes server-side, and i think if that's what
you're doing, that it should be called explicitly, rather than as just a
side effect of including a resource. it's really your call though.

> Here's what we're trying to build... We have an existing web
> application produced with the 4D database environment, which handles
> things such as user registration, authentication, site construction
> and user submissions through forms. We want to 'wrap' it in cocoon,
> such that it just spits out xml and we use xsl in cocoon to format
> the html live etc, but retain the use of authentication via both
> basic auth and cookies, and form submissions for live editing of
> content. In this way cocoon could be thought of as a 'value added
> proxy server' for our application, providing one extra layer of
> abstraction.
>
> So, for some requests (when performing site editing functions) we'd
> like to pipe the incoming request straight through cocoon and onto
> our external web app for it to decipher cookies etc, via both the GET
> and POST methods.
>
> I hope this makes sense and gives a sensible reason for wanting to use POST.
>
> Next question is for advice: what would be the best way of making
> this happen? Ie, by extending the util logicsheet, or by building our
> own taglib to do all this? Or something else again?

if you really need to generate your own POST URL calls, you probably need
to write your own logicsheet. if you're happy with what you come up with,
you might consider submitting a patch to the util logicsheet.

- donald