cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Schwarz" <saschw...@hotmail.com>
Subject RE: how to access authentication context ?
Date Tue, 06 Jul 2004 16:23:02 GMT
Hi
I had the same need. I'm not where my source is but if I recall I use the 
session transformer within the login pipeline to load the authentication 
session info into my own session context only on success. Then this info is 
available to all pipelines (either via the session input module or the 
session transformer) and I use XSL to add the loginname to the XML if it is 
available.

I don't know the security implications of this approach; in my case there is 
no sensitive info in the auth info. I assume it is the same as using 
sessions in general.

Hope this helps,
Steve

>
>I want to implement very simple scheme:
>if user is not loged in, every page on site contains login form,
>if user is logged in, there is "hello, $user" message and logout button.
>
>session context "authentication" is only available if pipeline is
>within auth-protect acition, but not in auth-loggedIn action.
>
>How should I pass auth ID to XSLT stylesheet that forms page?
>
>The only way I've found is to manually encode it in URL and using different
>map:matches to tell logged access from nonloged.
>
>Is there better way ?
>Are there better authentication techniques, other then actions and 
>flowscripts ?

_________________________________________________________________
MSN Life Events gives you the tips and tools to handle the turning points in 
your life. http://lifeevents.msn.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message