cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Lunjov <>
Subject How to handle externally defined session ID & authentication (2.1.4)
Date Tue, 02 Mar 2004 12:30:11 GMT
I am new to "cocoon internals" and I really need some starting points at
least - please help.

I am making a kind of web-service(not standard) that works as a part of
corporate portal - provides dynamic content. Unfortunately most of the
things are out of my control - I can't get normal servlet session & etc.

So I am given with session ID and some basic session info in request
parameters by portal front-end. Logins are managed there too - I get
already authenticated user. Now I need to make this mechanism
transparent for my Cocoon application:
- make sessions to work needed for continuations and also I need to
cache additional user information in session.
- authentication is very tricky - user can impersonate himself "to be
someone else" and I get this info with every request - so I need to
override auth-fw to ask authentication handler to provide new roles and
impersonated identity upon every request - not to cache it in session
since user is logged in as it is now.

I have quite strict design reqs - for guy making concrete pages
everything shoul look as standard as possible - so I shouth provide
cocoon session and authentication context. Seems it is doable, but
please provide me with guidelines if possible - what components should I


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message