cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Lange <ralph.la...@abs.de>
Subject authentication-Framework: Problem on logout with firefox 1.0.1/ie 6
Date Fri, 03 Jun 2005 13:44:35 GMT
Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from 
the session,
i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for 
username/pw.

This happens to appear with firefox, ie6, using konqueror it works fine.
Does anyone of you know what happens?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange




<map:pipelines>
  <map:component-configurations>
      <authentication-manager>
          <handlers>
            <handler name="portalhandler">
                  <redirect-to uri="redirect_document"/>
                  <authentication 
authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>
               </handler>
      </handlers>
    </authentication-manager>
  </map:component-configurations>

<map:pipeline>
   <map:match pattern="alreadylogged">
      <map:generate type="file" src="authentication/alreadyloggedin.xml"/>
      <map:transform type="xslt" src="authentication/alreadyloggedin.xsl"/>
      <map:serialize type="html"/>
    </map:match>

   <map:match pattern="protectedresource">
      <map:act type="auth-protect">
    <map:parameter name="handler" value="portalhandler"/>
      <map:generate type="file" src="authentication/protectedresource.xml"/>
      <map:transform type="xslt" 
src="authentication/protectedresource.xsl"/>
      <map:serialize type="html"/>
      </map:act>
    </map:match>
   
    <map:match pattern="login">
      <map:act type="auth-loggedIn">
          <map:parameter name="handler" value="portalhandler"/>
          <map:redirect-to uri="alreadylogged"/>
      </map:act>
      <map:act type="auth-login">
        <map:parameter name="handler" value="portalhandler"/>
        <map:parameter name="parameter_name" value="{request-param:name}"/>
        <map:parameter name="parameter_password" 
value="{request-param:password}"/>
        <map:parameter name="parameter_resource" 
value="{request-param:resource}"/>
    <map:redirect-to uri="protectedresource"/>
      </map:act>
      <!-- authentication failed: -->
      <map:generate src="authentication/auth_failed.xml"/>
      <map:transform src="authentication/auth_failed.xsl"/>
      <map:serialize/>
    </map:match>
   
    <map:match pattern="logout">
      <map:act type="auth-logout">
        <map:parameter name="handler" value="portalhandler"/>
    <map:generate src="authentication/auth_logout.xml"/>
        <map:transform src="authentication/auth_logout.xsl"/>
        <map:serialize/>
      </map:act>
    </map:match>
   </map:pipeline>
  </map:pipelines>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message