RE: Authentication Framework

Thu, 04 Jul 2002 01:37:30 -0700 

Michael Hampel wrote:
>
>  I am trying out the authentication framework with Cocoon 2.1 dev.
>  Everything runs fine so far - I only have one problem:
>
>  If the login fails due to a wrong username I want to redirect
> the user to
>  the login page displaying an error message why the login failed.
>
>  In my authentication resource I create an XML like:
>
>   <authentication>
>
>       <data>
>
>          <Error>Wrong username</Error>
>
>       </data>
>
>    </authentication>
>
>  My question now is - where does this xml go to???
>
>  As I understand from the doc, I only will have an authentication
>  session context for successful login - how can I access the
>  information of the xml when login failed??
>
Yes, you only get a session if the authentication was successful.
In the case of a failed authentication, the XML containing the
error message is stored as a DocumentFragment in an request attribute
of the current request.
This attribute is named
"org.apache.cocoon.webapps.authentication.LoginFailedFor"
concatenated with the handler name, so if the handler is named "myhandler",
the attribute is named
"org.apache.cocoon.webapps.authentication.LoginFailedFormyhandler".

Now, this attribute is only available during the request for the login,
if you do a redirect the information is lost.
One solution would be to fetch the string out of the request attribute
and append it as a parameter to the redirect URL.

In fact, this is a week point of the authentication framework. I'm not
sure if it is the best way to store the information in the request
attribute.
I'm open to suggestions and comments to make this part better.

HTH
Carsten

Carsten Ziegeler     Chief Architect     Open Source Group, S&N AG
------------------------------------------------------------------
             Cocoon Consulting, Training and Projects
------------------------------------------------------------------
mailto:[EMAIL PROTECTED]                  http://www.s-und-n.de
                    http://ziegeler.bei.t-online.de


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>

Reply via email to