I think a more important feature is to be able to populate the J2EE security realm with a Principal name and roles, once authenticated through sunrise. Since sunrise is doing a good job at protecting the URLs, I am not so concerned about the url constraints in web.xml. However I would like to have the principal available in the context when obtaining J2ee resources: Transactions, Datasources, EJBs, JMS, etc.
----- Original Message ----- From: "Carsten Ziegeler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 09, 2002 12:52 AM Subject: RE: SunRise with container managed security... > Per Kreipke wrote: > > > > > I think, two users have reported this on the user list some months ago. > > > > > > Carsten > > > > Sorry, meaning what? Someone else mentioned it or did the work to > > integrate > > the two? I can't find anything about it on the MARC archive. > > > Sorry, I had little time yesterday..so I only wrote short mails... > Yes, someone mentioned it and integrated it. I don't know how he did it. > > Basically, this approach should work: > The container managed security is outside of Cocoon, so if a protected > document is called and the request enters Cocoon, the user must be > authenticatd. > Otherwise the contained would have denied the access. > > Now, you can write an automatically log-in handler for Cocoon. > For the protected document, test if the usre is already logged-in via > the handler. If so, serve the document. > If the user is not logged-in via the handler (but then he is already > authorized by the container) you can invoke the login-action and write > an authentication pipeline for the handler which does nothing more > than getting the user, roles, principles from the container and > returning them to the handler. > That's it. > > I must confess, that you have to write a simple authentication pipeline > for it - I think spending 4 hours on it would be enough and you > have the container integration. > > HTH > Carsten > > > I was thinking that one way to do so would be to satisfy the login request > > with an XSP page that enumerates the <authentication> block with > > the values > > of getRemoteUser(), the roles, etc. > > > > Per > > > > > > -----Original Message----- > > > > From: Per Kreipke [mailto:[EMAIL PROTECTED]] > > > > Sent: Wednesday, August 07, 2002 9:24 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: SunRise with container managed security... > > > > > > > > > > > > I've had the demo code working and gotten the SunRise > > > > authentication to work > > > > off static files and am about to try it off a DB. > > > > > > > > However, what I'm really interested in, since Cocoon isn't the > > > > only servlet > > > > running, is integrating the SunRise components with the Tomcat > > > Realm based > > > > security. Has that been done before? > > > > > > > > Per > > > > > > > > > > > > --------------------------------------------------------------------- > > > > Please check that your question has not already been answered in the > > > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > > > > > > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > > > > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > > > > > > > > > > --------------------------------------------------------------------- > > > Please check that your question has not already been answered in the > > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > > > > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > > > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > > > > > > > > > --------------------------------------------------------------------- > > Please check that your question has not already been answered in the > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > > For additional commands, e-mail: <[EMAIL PROTECTED]> > > > > > --------------------------------------------------------------------- > Please check that your question has not already been answered in the > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]> > For additional commands, e-mail: <[EMAIL PROTECTED]> > --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>