cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Timberlake <and...@timberlake.co.za>
Subject Re: 3 questions...
Date Wed, 20 Aug 2003 06:12:34 GMT
Sonny

I didn't have the answers to your questions immediately but I have done 
some digging throught he source code and can hopefully give you a head 
start on your understanding...

Sonny Sukumar wrote:
> 
> [2 of these questions I sent a couple days ago but got no reply and 
> haven't figured them out.  They pertain to Cocoon's Authentication 
> Framework. Thanks.]
> 
> These 3 questions are based on this doc: 
> http://cocoon.apache.org/2.1/developing/webapps/authentication.html
> 
> 1.) The doc states "If the authentication is successful, a session 
> object is created on the server (if not already done).  If the 
> authentication fails, the error information delivered by the 
> authentication resource is stored into the temporary context (which is 
> named simply 'temp')."
> 
> Question: Where is this 'temp' context stored, if not in the session?

The temporary context is stored in the session and it is stored with the 
key "temporary" or more specifically in the 
org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator
you will find reference to the SessionConstants.TEMPORARY_CONTEXT being 
used. This is used in conjunction with the SessionManager.

> 
> 2.) Where is the "login" tag of the login resource referred to in this 
> statement?:
> 
> 'If the authentication is not successful, the resource must create an 
> XML with the root node "authentication". In addition a "data" node can 
> be added containing more information about the unsuccessful attempt. 
> **This data node is then added inside the "login" tag of the login 
> resource.**'

I'm not sure that a login tag is created. The temprary context should 
contain an XML fragment which looks like the following:
<authentication>
     <failed/>
     <data>Any error message which was set by your authentication 
handler</data>
</authentication>

This I get from reading the few lines above the 
SessionConstants.TEMPORARY_CONTEXT code I mentioned above.

> 
> 3.) Is it necessary to use the "raw:" subprotocol here for not 
> forwarding request params?  As in:
> 
>   <handler name="unique">
>      <!-- The login resource -->
>      <redirect-to uri="cocoon:raw://loginpage"/>
>      <authentication uri="cocoon:raw://authenticationresource"/>
>    </handler>
> 
> It says "...this resource is requested by the framework with the given 
> parameters from the auth-login action" referring to the authentication 
> resource, so perhaps the "raw:" subprotocol is there to prevent 
> duplicate request params?  I'm just guessing here...

I'll leave you to your guess here.

I hope I've at least been able to provide a little help.

Andrew

> 
> Thanks,
> 
> Sonny
> 
> _________________________________________________________________
> <b>Get MSN 8</b> and enjoy automatic e-mail virus protection.   
> http://join.msn.com/?page=features/virus
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message