I'm trying to implement a homegrown authentication scheme. One of our types of users will be "authenticated" by coming into the system with appropriate credentials as request parameters in the URL (we will e-mail them their unique URL). This is to avoid generating a large number of user ids and requiring all these users to remember credentials for a system they will likely use once or twice a year. None of the existing server-level authentication schemes would seem to support this.
Once the user has "logged in" by providing the correct credentials, I planned to store their identity and the fact that they have been authenticated in their session. So, each time a request is made to a protected page, I need to first check the session to see if the user is already authenticated. If not, I need to check the request parameters, if available, against the database. If both of these fail, I need to redirect the user to a polite login failure page (at some point we will have users that use a traditional login mechanism, at which point we'll probably redirect to a login form). I read the Action docs and searched through the mail archives, and I thought I could do something like this: <map:act type="my-authenticator"> <map:match pattern="some protected url"> ... </map:match> <map:match pattern="some other protected url"> ... </map:match> </map:act> As I understood it, if the authentication fails, I would redirect to my failure page in the Action and return null to prevent anything inside the <map:act> element from running. If the authentication succeeds, I return an empty Map and the stuff inside the <map:act> element will run as usual. Now that I'm saying all that it doesn't sound very likely, but I swear I got it all from the docs. Any suggestions? -Christopher From: "Christopher Painter-Wakefield" <[EMAIL PROTECTED]> > What is the proper way to redirect in an Action? Why do you have to redirect in an action? I would not suggest it. Redirect instead in the sitemap based on the results of the Action. -- Nicola Ken Barozzi [EMAIL PROTECTED] - verba volant, scripta manent - (discussions get forgotten, just code remains) --------------------------------------------------------------------- --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faqs.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>