cocoon-users mailing list archives

From Andre Juffer <Andre.Juf...@oulu.fi>
Subject Re: Authenticating pipelines called from a cron job
Date Wed, 09 May 2007 13:24:48 GMT
Sanket Pattekar wrote:
> Thanks for the reply...
> 
> As Ard pointed out I need to have an external pipeline for the cron.
> 
> In our environment, we have internet and intranet URLs that are
> accessible. I can put a check that would only allow the pipeline to be
> executed from intranet, but that is not what I need.
> 
> I need to check (in the cron pipeline) that it is being executed by the
> CRON JOB and not by any external user request. This is the only way I
> can prevent unauthorized access to the cron pipeline.

Why not simply add a request parameter to the request from the CRON JOB, 
something like:

http://www.your-server.foo/your-pipeline?param=value.

The name 'param' (and possibly its 'value') would be mandatory for a 
proper execution and you're in fact the only one who knows the name (and 
its value) of 'param'. External users would not know about that param, 
and you can simply test for the existence of the param (and also the 
correct value, if needed). If the wrong param (and value) is given, you 
redirect the request to another pipeline to avoid the cron pipeline 
being executed.

> 
> Thanks
> Sanket
> 
> 
> On 5/9/07, Ard Schrijvers <a.schrijvers@hippo.nl> wrote:
>> Hello,
>>
>> think I kind of know the setup of Sanket: he needs an external 
>> pipeline, because a host needs to be matched.
>>
>> @Sanket: you might add a "non-external-existing" host in your 
>> sites.xconf, and use external pipeline. From the outside, nobody will 
>> be able to run this one, right. Or, you do have a normal external 
>> pipeline, but you add the port number your cocoon instance is running 
>> under, and you make sure this request cannot be done from "outside"
>>
>> Ard
>>
>> >
>> > Hi Sanket,
>> >
>> > do I understand you correctly? You want your cronjob to execute an
>> > external pipeline on the same cocoon instance the cron job is
>> > running and want to prevent external users from accessing the same
>> > pipeline manually? Why not use an internal pipeline instead? You
>> > could create an internal pipeline and hard-code authentication in
>> > this pipeline
>> >
>> >     <map:pipeline internal-only="true">
>> >       <map:match pattern="some-cron-pipeline">
>> >         <map:act type="auth-login">
>> >           <map:parameter name="handler" value="authhandler"/>
>> >           <map:parameter name="parameter_username" value="{request-param:username}"/>
>> >           <map:parameter name="parameter_password" value="{request-param:password}"/>
>> >           <map:parameter name="session-timeout" value="540"/>
>> >           <map:act type="auth-protect">
>> >             <map:parameter name="handler" value="authhandler"/>
>> >             <map:generate/>
>> >             <map:transform/>
>> >             <map:serialize/>
>> >           </map:act>
>> >         </map:act>
>> >       </map:match>
>> >     </map:pipeline>
>> >
>> > Haven't tested this though ... my CronJobs don't need
>> > authentication since they are internal pipelines and I always
>> > know who I am ;)
>> >
>> > Chris
>> >
>> > Sanket Pattekar wrote:
>> > > Hi,
>> > >
>> > > I am using a cron job that fires daily, which calls the pipeline as
>> > > follows
>> > >
>> > > <component
>> > > class="org.apache.cocoon.components.cron.CocoonPipelineCronJob"
>> > > logger="core"
>> > > role="org.apache.cocoon.components.cron.CronJob/pipeline-daily">
>> > >     <pipeline>some-external-pipeline</pipeline>
>> > >    </component>
>> > >
>> > > The above cron job uses an external pipeline, it can also be
>> > > accessed by the external user. I want to prevent the same, and some
>> > > authentication, so that this pipeline is only executed when called
>> > > from a cron job and not explicitly.
>> > >
>> > > Is there any way I can check the same?
>> > >
>> > > Sanket
>> > >
>> > >
>> > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>> > > For additional commands, e-mail: users-help@cocoon.apache.org
>> > >


-- 
Andre H. Juffer              | Phone: +358-8-553 1161
The Biocenter and            | Fax: +358-8-553-1141
     the Dep. of Biochemistry | Email: Andre.Juffer@oulu.fi
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/
NordProt                     | WWW: www.nordprot.org
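
The check suggested in this message, sketched as a Cocoon sitemap fragment (an added example, not code from any poster in this thread). It assumes the stock `request-parameter` selector is declared in the sitemap's components section; the parameter name `cron-token`, its value, the generator source and the `denied` redirect target are placeholders.

```xml
<!-- Added example: gate the cron pipeline on a secret request parameter. -->
<map:pipeline>
  <map:match pattern="some-external-pipeline">
    <map:select type="request-parameter">
      <!-- Name of the request parameter to inspect (placeholder name). -->
      <map:parameter name="parameter-name" value="cron-token"/>

      <!-- Runs only when cron-token carries exactly this value.
           Placeholder: use a long random string, unique per deployment. -->
      <map:when test="REPLACE-WITH-LONG-RANDOM-VALUE">
        <map:generate src="cron/daily-job.xml"/>   <!-- hypothetical source -->
        <map:serialize type="xml"/>
      </map:when>

      <!-- Parameter missing or wrong: the job is never reached and the
           caller is sent to another pipeline, as the message describes. -->
      <map:otherwise>
        <map:redirect-to uri="denied"/>            <!-- hypothetical target -->
      </map:otherwise>
    </map:select>
  </map:match>
</map:pipeline>
```

The value travels in the URL, so it is recorded in access and proxy logs; restrict who can read those logs and pair the check with a network restriction such as the host or port approach quoted above.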
