cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Huttar <lars_hut...@sil.org>
Subject Re: authentication framework problem
Date Mon, 23 Jul 2012 21:27:18 GMT
On 7/23/2012 12:37 PM, Lars Huttar wrote:
> Hi all,
>
> I'm trying to get authentication working in Cocoon 2.1.11. Everything
> that I've been able to examine is working correctly, but instead of
> letting certain people in, it just keeps everybody out (and shows the
> redirect-to page).
>
> Here's my handler configuration:
>
>          <authentication-manager>
>             <handlers>
>                <handler name="ethnopubhandler">
>                   <redirect-to
> uri="cocoon://mount/ethnologue-17-pub/forbidden.html"/>
>                   <!-- <redirect-to
> uri="cocoon:/../../../../forbidden.html"/> works, but depends on how
> deep current URL is. -->
>                   <authentication
> uri="cocoon:raw://mount/ethnologue-17-pub/authorize"/>
>                </handler>
>             </handlers>
>          </authentication-manager>
>
> This is in a subsitemap that's in the subfolder mount/ethnologue-17-pub/
> under the main Cocoon sitemap.
>
> The authorize pipeline, in the same sitemap, is defined as:
>
>          <map:match pattern="authorize">
>             <map:generate src="process/access-list.xml" />
>             <map:transform src="process/authorize.xsl" type="xslt-saxon">
>                <map:parameter name="username"
> value="{request-header:osso_user_dn}" />
>             </map:transform>
>             <map:serialize type="xml-utf8" />
>          </map:match>
>
> This part works fine: if I go to "/authorize" in a browser, I get this
> XML response:
>
> <?xml version="1.0" encoding="UTF-8"?><authentication><ID>lars_huttar</ID><role>...</role></authentication>
>
> According to this page:
> http://cocoon.apache.org/2.1/developing/webapps/authentication/authenticating_user.html
> the XML response just has to include the <authentication> and <ID>
> elements to indicate successful authentication. Which it does.
>
> But if I go to a URL that's protected by that authentication handler,
> such as
>
>          <map:match pattern="dataset/*/*/*/source">
>             <map:act type="auth-protect">
>                <map:parameter name="handler" value="ethnopubhandler"
> />              
>                <map:generate src="datasets/query/{1}.xml"/>
>             <map:serialize type="xml"/>
>             </map:act>
>          </map:match>
>
> I get the "forbidden.html" page.
>
> How can I trace what's going wrong?
>
> Thanks,
> Lars
>
>


P.S.

The code in authentication/components/PipelineAuthenticator.java has
debug logging output like

        if (this.getLogger().isDebugEnabled()) {
            this.getLogger().debug("END isValidAuthenticationFragment
valid=" + isValid);
        }

and I have this in my WEB-INF\logkit.xconf:

     <category log-level="DEBUG" name="core.authentication-manager">
        <log-target id-ref="main" />
     </category>

So I would have expected debug logging to be enabled.
But I don't see the above debug log message or anything like it in the
WEB-INF\logs\*.log files.

I also tried turning on global debug logging:

    <category log-level="DEBUG" name="">
      <log-target id-ref="main"/>
    </category>

Of course I got loads of output. But nothing like "END
isValidAuthenticationFragment valid=". What am I doing wrong?



Another angle: in the deprecation.log, I get

  WARN  (2012-07-23) 16:22.48:459 [deprecation]
(/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
catalina-exec-5/Deprecation.LoggerWrapper: The authentication-fw block
is deprecated. Please use the auth block instead.

Ah, I say, there is something new to replace the authentication
framework I'm using!

But in the samples/blocks folder, there is "authentication-fw" but no
"auth" block. Where do I find "auth"?


Thanks for any help.

Lars


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message