cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Olivier Billard" <obill...@rennes.jouve.fr>
Subject Re: Authentication framework sample and Mozilla...
Date Fri, 04 Apr 2003 10:03:36 GMT
Hi Jin !

I use the cocoon 2.1dev. I think you should try it to check if some bug was
fix between our 2 versions by testing the 2.1 dev with your config. If I'm
not wrong, the authentication framework was split from the sunRise portal in
the 2.1dev.... with maybe some fixes.

I can't reproduce the problem you describe with my config : win2K, "cocoon
servlet" (jetty) 2.1dev, java 1.4.1_01. In both IE 6 and Netscape 4.78
Good luck and write back for results !

Regards
--
Olivier


From: "jin wu" <jw2203@hotmail.com>
> hi oliver,
> i have the similar but worse problem than you. Using Netscape 4.78 or IE
> 6.0, the protected resource is protected well during the first time
> login-access-logout-deny process, however, after i tried the same process
> the second time, the protected resource is still accessable after i
logout.
> the environment i am using is:
> +-------------------------------------------------------+
> |win2000                                                |
> |cocoon 2.0.4 (bin file with cocoon-scratchpad.jar)     |
> |Tomcat 4.1.18                                          |
> |java 1.3.06                                            |
> +-------------------------------------------------------+
>
> And here is part of my sitemap:
>
> ......
>    <map:action name="sunRise-auth"
> src="org.apache.cocoon.sunshine.sunrise.acting.AuthAction">
>        <handlers>
> <handler name="foo-handler"
xmlns:map="http://apache.org/cocoon/sitemap/1.0"
> xmlns:sunshine="http://sunshine.sundn.de/sunshine/1.0">
>             <redirect-to uri="cocoon://foo-loginpage"/>
>             <authentication uri="cocoon:raw://foo-authuser"/>
>          </handler>
>
> ......
>
> <!-- =============== AUTHENTICATE Sample =========================== -->
> <map:pipeline>
>       <map:match pattern="foo-loginpage">
>         <map:generate src="samples/foo/loginpage.xml"/>
>         <map:transform src="samples/foo/loginpage.xsl" />
>         <map:transform type="encodeURL" />
>         <map:serialize />
>       </map:match>
>       <map:match pattern="foo-login">
>         <map:act type="sunRise-login">
>           <map:parameter name="handler" value="foo-handler"/>
>           <map:parameter name="parameter_name" value="request:name"/>
>           <map:parameter name="parameter_password"
> value="request:password"/>
>           <!-- If the authentication is successfull then this redirect
will
> be performed -->
>           <map:redirect-to uri="foo-protected"/>
>         </map:act>
>         <!-- authentication failed: -->
>         <map:generate src="samples/foo/login-failed.xml"/>
>         <map:transform src="stylesheets/simple-xml2html.xsl"/>
>        <map:serialize/>
>      </map:match>
>      <map:match pattern="foo-logout">
>        <map:act type="sunRise-auth">
>           <map:parameter name="handler" value="foo-handler"/>
>           <map:act type="sunRise-logout"/>
>        </map:act>
>      </map:match>
>      <map:match pattern="foo-authuser">
>            <map:generate src="samples/foo/foo-user.xml"/>
>            <map:transform src="samples/foo/foo-user.xsl">
>               <map:parameter name="use-request-parameters" value="true" />
>            </map:transform>
>            <map:serialize type ="xml"/>
>      </map:match>
>      <map:match pattern="foo-protected">
>           <map:act type="sunRise-auth">
>               <map:parameter name="handler" value="foo-handler"/>
>               <map:generate src="samples/foo/foo-resource.xml"/>
>           </map:act>
>           <map:transform src = "stylesheets/simple-xml2html.xsl"/>
>           <map:serialize/>
>      </map:match>
> </map:pipeline>
> <!-- =============== End Of AUTH Sample ============================ -->
>
> ......
>
> Hope we could find out the problem or solution.
>
> brdgs,
> j.w
>
>
>
>
>
> >From: "Olivier Billard" <obillard@rennes.jouve.fr>
> >Reply-To: "Olivier Billard" <obillard@rennes.jouve.fr>
> >To: <cocoon-users@xml.apache.org>, "Olivier Billard" <obillard@jouve.fr>
> >Subject: Re: Authentication framework sample and Mozilla...
> >Date: Wed, 2 Apr 2003 11:24:52 +0200
> >
> >Even if the cache is set to 0 Ko !
> >This case doesn't appened in Netscape with the same configuration...
> >
> >But I suppose other protected pages not in memory cache will send the
user
> >to the login page...
> >But would it be better (if not done, but in this case I don't understand)
> >to
> >set expiration date to now in all protected pages ?
> >
> >Sorry if it is a dumb question... ! :)
> >
> >
> >----- Original Message -----
> >From: "Olivier Billard" <obillard@jouve.fr>
> >To: "Cocoon Users" <cocoon-users@xml.apache.org>
> >Sent: Wednesday, April 02, 2003 11:07 AM
> >Subject: Authentication framework sample and Mozilla...
> >
> >
> > > Hi all cocooners !
> > >
> > > I'm working on using the authentication framework, base on the
> > > authentication sample, in the Cocoon 2.1 CVS from yesterday.
> > > I made :
> > > build clean
> > > build webapp
> > > cocoon servlet
> > >
> > > With an ooold Netscape (4.78) and IE 6, all works fine : protected
area
> > > access is first denied, and then accepted after logged in, finally
> >denied
> > > when logged out.
> > > But with Mozilla, when cache option are set to "Never compare with the
> > > cache" (and cache deleted) the protected area is still accessible,
even
> >if
> >I
> > > logged out...
> > >
> > > Is this a bug from Mozilla or Cocoon ?
> > > This "hole" is pretty disturbing...
> > >
> > > Thanks
> > > --
> > > Olivier
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> > > For additional commands, e-mail: cocoon-users-help@xml.apache.org
> > >
> > >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> >For additional commands, e-mail: cocoon-users-help@xml.apache.org
> >
>
>
> _________________________________________________________________
> STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org


Mime
View raw message