Re: Flow and the authentication framework
On Tuesday, Aug 12, 2003, at 10:39 Europe/Rome, Carsten Ziegeler wrote: Stefano Mazzocchi wrote: The auth framework action should be refactored into a general user-managing component and at that point, it could be used both by the action and by a flowscript. It's already refactored, the actions are only looking up the user manager and call a method on it. This should be very trivial to do from flowscript. ah, cool. then all we need is real blocks to make this work ;-) -- Stefano.
Re: Flow and the authentication framework
On Monday, Aug 11, 2003, at 19:26 Europe/Rome, Upayavira wrote: On 11 Aug 2003 at 19:10, Reinhard Pötz wrote: From: Steve Krulewitz [I posted this earlier on the user list, but it might be more appropriate here given the new-ness of the flow stuff] Hey folks -- Total newbie here. I've been spending the last week getting up to speed on Cocoon, especially the new flow stuff and how it impacts the action-based authentication framework. If flow essentially deprecates actions in general, what is the proper way to access the authentication framework from flow? Very good question. I've been thinking about the very same thing for the last month or so. I have pretty wild ideas on how to do this. Stay tuned for my Sylvain's pool random thought mail appearing right after the 2.1 release. The petstore sample seems to use its own user database, which would lead me to believe that the current authentication framework is not intended to be used with flow? Correct. The auth-framework was not intented to be used with the flow. AFAIK, there hasn't been done any work yet. Personally I haven't used the authentication framework. What I know the authentication framework can protect your pipelines. IMHO this doesn't make sense for flow applications because you work with sendPage(AndWait) and this allows you to send internal-only pipelines and your controller should know if a user is allowed to receive a page or not. But maybe I'm completly wrong here ... Interesting points. The auth framework action should be refactored into a general user-managing component and at that point, it could be used both by the action and by a flowscript. More specifically, I'm not really looking to restrict access to particular pages and pipelines, rather I want the user's authentication status and role(s) to affect the page generation. Sorry, can't help you with that. You could check out the Linotype block, which does some basic authentication using flow. Yes and it uses a super simple java components to do user management. I know Turbine has a component that does this already and they were talking about avalonizing it. But stay tuned for more on this subject. -- Stefano.
RE: Flow and the authentication framework
On 11 Aug 2003 at 16:22, Steve Krulewitz wrote: You could check out the Linotype block, which does some basic authentication using flow. Thanks for the pointer -- I was unaware that linotype was flow-ified. It looks like both the petstore and linotype roll their own authentication method, petstore hitting the database directly from the flow js, and linotype using a class that reads the user info from a file. I will take a closer look at the sunrise authentication framework and see if it suits my needs enough to refactor it into something that can be called directly from flow. That would be great. I've not used the authorisation-fw stuff, but I'd imagine there's more to it than what is implemented in Linotype or petstore, and it would be good to have a flow interface to it available. I could see myself being a user of it. Regards, Upayavira
RE: Flow and the authentication framework
Stefano Mazzocchi wrote: The auth framework action should be refactored into a general user-managing component and at that point, it could be used both by the action and by a flowscript. It's already refactored, the actions are only looking up the user manager and call a method on it. This should be very trivial to do from flowscript. Carsten
RE: Flow and the authentication framework
Steve Krulewitz wrote: Hey folks -- Total newbie here. I've been spending the last week getting up to speed on Cocoon, especially the new flow stuff and how it impacts the action-based authentication framework. If flow essentially deprecates actions in general, what is the proper way to access the authentication framework from flow? The petstore sample seems to use its own user database, which would lead me to believe that the current authentication framework is not intended to be used with flow? When the authentication framework was developed the flow concept wasn't even mentioned. So that's the main reason why there is currently no support from flow. I think it makes sense to have support for the auth framework from flow and adding support in flow is one minor point on my todo list for 2.2, so if you want to step in, great! However, there is one tricky point as the configuration for the auth framework is currently in the sitemap as well; I guess you must either have the ability to define the conf in flow itself or use a configuration xml for that. If you need help, let me know. More specifically, I'm not really looking to restrict access to particular pages and pipelines, rather I want the user's authentication status and role(s) to affect the page generation. Yes, I guess the auth framework could really help you here. Carsten
RE: Flow and the authentication framework
You could check out the Linotype block, which does some basic authentication using flow. Thanks for the pointer -- I was unaware that linotype was flow-ified. It looks like both the petstore and linotype roll their own authentication method, petstore hitting the database directly from the flow js, and linotype using a class that reads the user info from a file. I will take a closer look at the sunrise authentication framework and see if it suits my needs enough to refactor it into something that can be called directly from flow. cheers, -steve
Re: Flow and the authentication framework
Geoff had a different approach to authenticating. He mentioned using a Matcher, in his case a ContainerRoleMatcher, to enclose any pipelines you want to secure. Then you won't need to access any authentication information inside your flow. -- Ryan Hoegg ISIS Networks http://www.isisnetworks.net Steve Krulewitz wrote: You could check out the Linotype block, which does some basic authentication using flow. Thanks for the pointer -- I was unaware that linotype was flow-ified. It looks like both the petstore and linotype roll their own authentication method, petstore hitting the database directly from the flow js, and linotype using a class that reads the user info from a file. I will take a closer look at the sunrise authentication framework and see if it suits my needs enough to refactor it into something that can be called directly from flow. cheers, -steve
RE: Flow and the authentication framework
From: Steve Krulewitz [I posted this earlier on the user list, but it might be more appropriate here given the new-ness of the flow stuff] Hey folks -- Total newbie here. I've been spending the last week getting up to speed on Cocoon, especially the new flow stuff and how it impacts the action-based authentication framework. If flow essentially deprecates actions in general, what is the proper way to access the authentication framework from flow? The petstore sample seems to use its own user database, which would lead me to believe that the current authentication framework is not intended to be used with flow? AFAIK, there hasn't been done any work yet. Personally I haven't used the authentication framework. What I know the authentication framework can protect your pipelines. IMHO this doesn't make sense for flow applications because you work with sendPage(AndWait) and this allows you to send internal-only pipelines and your controller should know if a user is allowed to receive a page or not. But maybe I'm completly wrong here ... More specifically, I'm not really looking to restrict access to particular pages and pipelines, rather I want the user's authentication status and role(s) to affect the page generation. Sorry, can't help you with that. Cheers, Reinhard