cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jin wu" <jw2...@hotmail.com>
Subject Re: Authentication framework sample and Mozilla...
Date Thu, 03 Apr 2003 17:09:25 GMT
hi oliver,
i have the similar but worse problem than you. Using Netscape 4.78 or IE 
6.0, the protected resource is protected well during the first time 
login-access-logout-deny process, however, after i tried the same process 
the second time, the protected resource is still accessable after i logout. 
the environment i am using is:
+-------------------------------------------------------+
|win2000                                                |
|cocoon 2.0.4 (bin file with cocoon-scratchpad.jar)     |
|Tomcat 4.1.18                                          |
|java 1.3.06                                            |
+-------------------------------------------------------+

And here is part of my sitemap:

......
   <map:action name="sunRise-auth" 
src="org.apache.cocoon.sunshine.sunrise.acting.AuthAction">
       <handlers>
<handler name="foo-handler" xmlns:map="http://apache.org/cocoon/sitemap/1.0" 
xmlns:sunshine="http://sunshine.sundn.de/sunshine/1.0">
            <redirect-to uri="cocoon://foo-loginpage"/>
            <authentication uri="cocoon:raw://foo-authuser"/>
         </handler>

......

<!-- =============== AUTHENTICATE Sample =========================== -->
<map:pipeline>
      <map:match pattern="foo-loginpage">
        <map:generate src="samples/foo/loginpage.xml"/>
        <map:transform src="samples/foo/loginpage.xsl" />
        <map:transform type="encodeURL" />
        <map:serialize />
      </map:match>
      <map:match pattern="foo-login">
        <map:act type="sunRise-login">
          <map:parameter name="handler" value="foo-handler"/>
          <map:parameter name="parameter_name" value="request:name"/>
          <map:parameter name="parameter_password" 
value="request:password"/>
          <!-- If the authentication is successfull then this redirect will 
be performed -->
          <map:redirect-to uri="foo-protected"/>
        </map:act>
        <!-- authentication failed: -->
        <map:generate src="samples/foo/login-failed.xml"/>
        <map:transform src="stylesheets/simple-xml2html.xsl"/>
       <map:serialize/>
     </map:match>
     <map:match pattern="foo-logout">
       <map:act type="sunRise-auth">
          <map:parameter name="handler" value="foo-handler"/>
          <map:act type="sunRise-logout"/>
       </map:act>
     </map:match>
     <map:match pattern="foo-authuser">
           <map:generate src="samples/foo/foo-user.xml"/>
           <map:transform src="samples/foo/foo-user.xsl">
              <map:parameter name="use-request-parameters" value="true" />
           </map:transform>
           <map:serialize type ="xml"/>
     </map:match>
     <map:match pattern="foo-protected">
          <map:act type="sunRise-auth">
              <map:parameter name="handler" value="foo-handler"/>
              <map:generate src="samples/foo/foo-resource.xml"/>
          </map:act>
          <map:transform src = "stylesheets/simple-xml2html.xsl"/>
          <map:serialize/>
     </map:match>
</map:pipeline>
<!-- =============== End Of AUTH Sample ============================ -->

......

Hope we could find out the problem or solution.

brdgs,
j.w





>From: "Olivier Billard" <obillard@rennes.jouve.fr>
>Reply-To: "Olivier Billard" <obillard@rennes.jouve.fr>
>To: <cocoon-users@xml.apache.org>, "Olivier Billard" <obillard@jouve.fr>
>Subject: Re: Authentication framework sample and Mozilla...
>Date: Wed, 2 Apr 2003 11:24:52 +0200
>
>Even if the cache is set to 0 Ko !
>This case doesn't appened in Netscape with the same configuration...
>
>But I suppose other protected pages not in memory cache will send the user
>to the login page...
>But would it be better (if not done, but in this case I don't understand) 
>to
>set expiration date to now in all protected pages ?
>
>Sorry if it is a dumb question... ! :)
>
>
>----- Original Message -----
>From: "Olivier Billard" <obillard@jouve.fr>
>To: "Cocoon Users" <cocoon-users@xml.apache.org>
>Sent: Wednesday, April 02, 2003 11:07 AM
>Subject: Authentication framework sample and Mozilla...
>
>
> > Hi all cocooners !
> >
> > I'm working on using the authentication framework, base on the
> > authentication sample, in the Cocoon 2.1 CVS from yesterday.
> > I made :
> > build clean
> > build webapp
> > cocoon servlet
> >
> > With an ooold Netscape (4.78) and IE 6, all works fine : protected area
> > access is first denied, and then accepted after logged in, finally 
>denied
> > when logged out.
> > But with Mozilla, when cache option are set to "Never compare with the
> > cache" (and cache deleted) the protected area is still accessible, even 
>if
>I
> > logged out...
> >
> > Is this a bug from Mozilla or Cocoon ?
> > This "hole" is pretty disturbing...
> >
> > Thanks
> > --
> > Olivier
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> > For additional commands, e-mail: cocoon-users-help@xml.apache.org
> >
> >
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
>For additional commands, e-mail: cocoon-users-help@xml.apache.org
>


_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*   
http://join.msn.com/?page=features/junkmail


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org


Mime
View raw message