Dave,
Since the Comment Authenticator's getHTML() is called by the
ClientSideInclude javascript, there are a few limitations on it.
1. The Comment form is already produced. It can not be changed easily.
I tried to provide a segment of javascript, but it is not executed.
(maybe due to the nature of ClientSideInclude.)
An "init comment" method is better than ClientSideInclude.
In my case, I would like the authentication dialog right below "Name"
field. Not way down the form.
The request object sent to getHTML does not seem to be useful.
2. The getHTML will provide one of the two username-authentication
mechanisms:
1) If with WPM (ClearTrust), where the user is already
authenticated by Apache,
I will provide a checkbox to trigger a Javascript to append the
username to "Name" field.
2) If without WPM, I will provide the "Username" and "Password"
dialog.
The problem here is that the HTML from ClientSideInclude can
not execute
or compile more Javascript. So I have to use a cumbersome
checkbox to invoke onClick and call
a one-line javascript code. Otherwise, if I can execute a
segment of javascript, I would not need
the checkbox. Everything will happen transparently. This can be
accomplished by a modified onSubmit
method from the "init" method.
3. The other way of manipulating comment form is, upon correct
authentication (based on username, such
as mentioned above), the authenticate() method can populate fields
such as "Name", "Email", etc
from LDAP. (In this case, Name field does not even need to appear in
the form)
However, at present time, the request object can not be modified in
authenticate().
I tried a few Wrappers on request object to make it modifiable, none
seem to work...
I don't know what the solution could be here.
But this would offer great flexibility to enterprise developers.
Steve Lihn
-----Original Message-----
From: Dave [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 19, 2006 10:05 AM
To: [email protected]
Subject: Re: Is it possible to authenticate the commenters
On 12/14/06, Lihn, Steve <[EMAIL PROTECTED]> wrote:
> <form method="post"
>
action="http://blog.merck.com/roller//stevelihn/entry/google_released_we
> b_toolkit_enabling" focus="name"
> name="form" onsubmit="fixURL(this); return
> validateComments(this)">
> ...
>
> var author = getCookie("commentAuthor");
> var email = getCookie("commentEmail");
> var url = getCookie("commentUrl");
> // check each field - IE will render "null"
> if (author) {
> document.forms['commentForm'].name.value = author;
> }
> if (email) {
> document.forms['commentForm'].email.value = email;
> }
> if (url) {
> document.forms['commentForm'].url.value = url;
> }
> --
> A few question on this segment of HTML. First, is it possible to set
> commentAuthor Cookie from commentAuthenticator's getHTML? If yes, how?
> There is no response object from that method.
You're correct, since you don't have access to the response object in
the CommentAuthenticator.getHTML() method, you're out of luck.
What if the getHTML() method accepted request and response objects?
Would that solve the problem?
public String getHTML(HttpServletRequest req, HttpServletResponse
res)
Or would it be better to support an "init comment" method so that
comment authenticators can manipulate the comment object before it
appears on the page.
public CommentData initComment(CommentData comment)
> Second, where is commentForm? The form name seems to be "form"? Is
this
> a bug?
Yes, that does appear to be a bug and it breaks remember info. The
form name should be "commentForm". I just committed a fix to SVN
trunk.
- Dave
>
> Steve Lihn
>
>
> -----Original Message-----
> From: Dave [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 13, 2006 5:38 PM
> To: [email protected]
> Subject: Re: Is it possible to authenticate the commenters
>
> On 12/13/06, Lihn, Steve <[EMAIL PROTECTED]> wrote:
> > We are encountering an enterprise issue with the commenters being
> > anonymous. Is it possible to authenticate the commenters, say via
> LDAP, in order
> > for that person to write comments?
> >
> > I know this is stretching Roller very far. Any help is appreciated.
>
> Yes, you'll need to do a little Java coding, but it is possible to
> implement your own comment authenticator. Here are the steps:
>
> 1) Implement the CommentAuthenticator interface below and in it,
> check for LDAP login.
> 2) Put your implementation into the Roller classpath (e.g. in a jar in
> WEB-INF/lib)
> 3) In your roller-custom.properties file override the property
> 'comment.authenticator.classname' and set it to your classname.
>
>
> And here's the interface CommentAuthenticator.java:
>
> package org.apache.roller.ui.rendering.util;
>
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import org.apache.roller.pojos.CommentData;
> import org.apache.velocity.context.Context;
>
> /**
> * Interface for comment authentication plugin.
> */
> public interface CommentAuthenticator {
> /**
> * Plugin should write out HTML for the form fields and other UI
> elements
> * needed to display the comment authentication widget.
> * @param request comment form request object
> */
> public String getHtml(HttpServletRequest request);
>
> /**
> * Plugin should return true only if comment posting passes the
> * authentication test.
> * @param request comment posting request object
> * @return true if authentication passed, false otherwise
> */
> public boolean authenticate(HttpServletRequest request);
>
> }
>
>
>
>
>
------------------------------------------------------------------------
------
> Notice: This e-mail message, together with any attachments, contains
> information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
> New Jersey, USA 08889), and/or its affiliates (which may be known
> outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD
> and in Japan, as Banyu - direct contact information for affiliates is
> available at http://www.merck.com/contact/contacts.html) that may be
> confidential, proprietary copyrighted and/or legally privileged. It is
> intended solely for the use of the individual or entity named on this
> message. If you are not the intended recipient, and have received this
> message in error, please notify us immediately by reply e-mail and
then
> delete it from your system.
>
>
------------------------------------------------------------------------
------
>
------------------------------------------------------------------------------
Notice: This e-mail message, together with any attachments, contains
information of Merck & Co., Inc. (One Merck Drive, Whitehouse Station,
New Jersey, USA 08889), and/or its affiliates (which may be known
outside the United States as Merck Frosst, Merck Sharp & Dohme or MSD
and in Japan, as Banyu - direct contact information for affiliates is
available at http://www.merck.com/contact/contacts.html) that may be
confidential, proprietary copyrighted and/or legally privileged. It is
intended solely for the use of the individual or entity named on this
message. If you are not the intended recipient, and have received this
message in error, please notify us immediately by reply e-mail and then
delete it from your system.
------------------------------------------------------------------------------
