cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Armaz Mellati" <armaz.mell...@uninett.no>
Subject RE: Authentication puzzle
Date Wed, 10 Jan 2007 10:24:28 GMT
Hi

May I ask you what version av Cocoon you are using? I ask because the documentation you are
refering to is somewhat outdated if you
are using 1.2.10 (may be even for 1.2.9). 
I found out that in version 1.2.10 Cocoon is set up to use the new CoWarp authetication framwork
(Which is a better one). But things
are different when using that. If you look at your cocoon.xconf, you can find the following
:
"If you want to use the authentication framework, comment out the above line and uncomment
the following line:" 

Hope this helps.

Regards,
Armaz


> -----Original Message-----
> From: Peter Flynn [mailto:pflynn@ucc.ie] 
> Sent: Wednesday, January 10, 2007 10:42 AM
> To: users@cocoon.apache.org
> Subject: Re: Authentication puzzle
> 
> Steven D. Majewski wrote:
> 
> > My understanding is that the Authentication Framework is just a 
> > framework -- it doesn't itself do any authentication or 
> > encryption/decryption of passwords.
> 
> I understand that it doesn't do any authentication: that's 
> what I wrote the little XML and XSLT files for: to output the 
> format specified in the doc at 
> http://cocoon.apache.org/2.1/developing/webapps/authentication.html
> 
> I did, however, expect it to pass the password in crypt(3) 
> form, but that's not important for now.
> 
> > It manages protected resources and restricts them to authenticated 
> > users. ( Because typically sites will want to plug in different 
> > authentication mechanisms. )
> 
> Yes, that much I'm happy with. I'll eventually want this to 
> authenticate against Active Directory or an LDAP server.
> 
> > I'm not clear on what you're trying to do. Are you doing 
> trying to do 
> > HTTP Basic Authentication ?
> 
> For now I just want to authenticate using the little file I 
> posted, which provides a username and password per user that 
> I can match against locally.
> 
> I'm not sure what "HTTP Basic Authentication" is (unless it's 
> like the method used by regular Apache httpd for web 
> passwords -- but that *does* use crypt(3)). I'm using the 
> file system: my auth.xml and auth.xsl with the 
> parameter_username and parameter_password as per the document 
> image in 
> http://cocoon.apache.org/2.1/developing/webapps/authentication.html
> 
>        <map:match pattern="login">
> 	<map:generate src="auth.xml"/>
> 	<map:transform src="auth.xsl" type="xslt">
> 	  <map:parameter name="use-request-parameters" value="true"/>
>          </map:transform>
> 	<map:serialize type="xml"/>
>        </map:match>
> 
> > And I'm not sure what you mean by "required crypt(3)" - 
> required by whom ?
> 
> Me. I assumed (obviously wrongly) that Cocoon would handle 
> the encryption of the password. No matter -- for the moment I 
> don't care; but the problem still stands in that it isn't 
> coming back with authentication when I provide the right 
> userid/password pair in Cocoon, but it *does* provide the 
> specified output if I perform the same action from the shell 
> commandline using Saxon.
> 
> > HTTP  Basic Authentication sends  the bas64 encoding of 
> "user:password"  
> > They aren't encrypted.
> 
> Base64? Ewww. So if I store the userid and password in my XML 
> disk file in base64 encoding they should be matched?
> 
> > ( But if you're trying to port users from an Apache 
> .htpasswd file , 
> > then THOSE entries are encrypted with crypt(3). That was my problem 
> > and I found and adapted a javascript version of crypt. )
> 
> No, I wasn't trying to use those: I just assumed the concept 
> would be the same, only performed by my XML file and its XSLT 
> procedure.
> 
> The documentation is missing this vital information in that case.
> 
> Has anyone ever implemented a small test case where 
> authentication is performed by a component which just runs 
> XSLT over XML and matches the passed userid/password 
> parameters with values in the XML file, and returns the 
> format specified in the Cocoon doc at 
> http://cocoon.apache.org/2.1/developing/webapps/authentication.html
> 
> ///Peter
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message