I'm trying to implement a homegrown authentication scheme.  One of our
types of users will be "authenticated" by coming into the system with
appropriate credentials as request parameters in the URL (we will e-mail
them their unique URL).  This is to avoid generating a large number of user
ids and requiring all these users to remember credentials for a system they
will likely use once or twice a year.  None of the existing server-level
authentication schemes would seem to support this.

Once the user has "logged in" by providing the correct credentials, I
planned to store their identity and the fact that they have been
authenticated in their session.

So, each time a request is made to a protected page, I need to first check
the session to see if the user is already authenticated.  If not, I need to
check the request parameters, if available, against the database.  If both
of these fail, I need to redirect the user to a polite login failure page
(at some point we will have users that use a traditional login mechanism,
at which point we'll probably redirect to a login form).

I read the Action docs and searched through the mail archives, and I
thought I could do something like this:

<map:act type="my-authenticator">
      <map:match pattern="some protected url">
            ...
      </map:match>

      <map:match pattern="some other protected url">
            ...
      </map:match>
</map:act>

As I understood it, if the authentication fails, I would redirect to my
failure page in the Action and return null to prevent anything inside the
<map:act> element from running.  If the authentication succeeds, I return
an empty Map and the stuff inside the <map:act> element will run as usual.
Now that I'm saying all that it doesn't sound very likely, but I swear I
got it all from the docs.

Any suggestions?

-Christopher



From: "Christopher Painter-Wakefield" <[EMAIL PROTECTED]>

> What is the proper way to redirect in an Action?

Why do you have to redirect in an action?
I would not suggest it.

Redirect instead in the sitemap based on the results of the Action.

--
Nicola Ken Barozzi                   [EMAIL PROTECTED]
            - verba volant, scripta manent -
   (discussions get forgotten, just code remains)
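
An added example, not part of the original thread or of Cocoon's own code: an action that performs the session-then-URL-credential check described in the question and signals failure only by returning null, so that the redirect is declared in the sitemap as the reply suggests. It assumes the Cocoon 2.0/2.1-era Action API; the class name, the `id` and `token` parameter names, the `auth.user` session attribute, the `login-failed.html` URI and the in-memory token table are all hypothetical stand-ins.

```java
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import org.apache.avalon.framework.parameters.Parameters;
import org.apache.cocoon.acting.AbstractAction;
import org.apache.cocoon.environment.ObjectModelHelper;
import org.apache.cocoon.environment.Redirector;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
import org.apache.cocoon.environment.SourceResolver;

/**
 * Sitemap usage (the redirect lives in the sitemap, not in the action):
 *
 *   <map:match pattern="protected/**">
 *     <map:act type="my-authenticator">
 *       ...protected pipelines: run only when act() returns a Map...
 *     </map:act>
 *     <map:redirect-to uri="login-failed.html"/>
 *   </map:match>
 */
public class UrlCredentialAction extends AbstractAction {
    // Constructed sample data standing in for the database lookup.
    private static final Map TOKENS = new HashMap();
    static { TOKENS.put("1001", "constructed-sample-token"); }

    public Map act(Redirector redirector, SourceResolver resolver, Map objectModel,
                   String source, Parameters parameters) throws Exception {
        Request request = ObjectModelHelper.getRequest(objectModel);
        // 1. Already authenticated in this session? Do not create one just to look.
        Session session = request.getSession(false);
        if (session != null && session.getAttribute("auth.user") != null) {
            return Collections.EMPTY_MAP;
        }
        // 2. Otherwise compare the URL credentials with the stored token.
        String id = request.getParameter("id");
        String token = request.getParameter("token");
        String expected = (id == null) ? null : (String) TOKENS.get(id);
        if (token != null && expected != null   // isEqual: time-constant on current JDKs
                && MessageDigest.isEqual(token.getBytes("UTF-8"), expected.getBytes("UTF-8"))) {
            request.getSession(true).setAttribute("auth.user", id);
            return Collections.EMPTY_MAP;
        }
        // 3. Failure: null skips everything nested in <map:act>.
        return null;
    }
}
```

Because the redirect follows `<map:act>` inside the outer matcher, it is also reached when an authenticated request matches none of the nested pipelines, so the nested matchers should cover every URL under the outer pattern.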