cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Flynn <>
Subject Re: Authentication puzzle
Date Wed, 10 Jan 2007 09:41:55 GMT
Steven D. Majewski wrote:

> My understanding is that the Authentication Framework is just a 
> framework -- it doesn't itself do any authentication or
> encryption/decryption of passwords.

I understand that it doesn't do any authentication: that's what I wrote 
the little XML and XSLT files for: to output the format specified in the
doc at

I did, however, expect it to pass the password in crypt(3) form, but
that's not important for now.

> It manages protected resources and restricts them to authenticated
> users. ( Because typically sites will want to plug in different 
> authentication mechanisms. )

Yes, that much I'm happy with. I'll eventually want this to authenticate 
against Active Directory or an LDAP server.

> I'm not clear on what you're trying to do. Are you doing trying to do 
> HTTP Basic Authentication ?

For now I just want to authenticate using the little file I posted,
which provides a username and password per user that I can match against 

I'm not sure what "HTTP Basic Authentication" is (unless it's like the
method used by regular Apache httpd for web passwords -- but that *does*
use crypt(3)). I'm using the file system: my auth.xml and auth.xsl with
the parameter_username and parameter_password as per the document image

       <map:match pattern="login">
	<map:generate src="auth.xml"/>
	<map:transform src="auth.xsl" type="xslt">
	  <map:parameter name="use-request-parameters" value="true"/>
	<map:serialize type="xml"/>

> And I'm not sure what you mean by "required crypt(3)" - required by whom ?

Me. I assumed (obviously wrongly) that Cocoon would handle the 
encryption of the password. No matter -- for the moment I don't care;
but the problem still stands in that it isn't coming back with
authentication when I provide the right userid/password pair in Cocoon,
but it *does* provide the specified output if I perform the same action
from the shell commandline using Saxon.

> HTTP  Basic Authentication sends  the bas64 encoding of "user:password"  
> They aren't encrypted.

Base64? Ewww. So if I store the userid and password in my XML disk file 
in base64 encoding they should be matched?

> ( But if you're trying to port users from an Apache .htpasswd file , 
> then THOSE entries are encrypted with crypt(3). That was my problem
> and I found and adapted a javascript version of crypt. )

No, I wasn't trying to use those: I just assumed the concept would be 
the same, only performed by my XML file and its XSLT procedure.

The documentation is missing this vital information in that case.

Has anyone ever implemented a small test case where authentication is 
performed by a component which just runs XSLT over XML and matches the
passed userid/password parameters with values in the XML file, and 
returns the format specified in the Cocoon doc at


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message