Authentication framework problem

2004-01-19 Thread [EMAIL PROTECTED] 
Hi all!
I have a problem with the authentication framework.

I have the user information (in this case username/password and other info) in a 
remote MySQL database, for which I have already set a connection pool in Cocoon 
(2.1.3).
I have two ways for doing such user authentication:
1) writing a simple action that checks the user parameters (username/password) 
provided through a web form, with those stored in the database. Here the problem, for 
me, is to write java code that reuse the connection pool set for other pipelines (but 
at a transform level). I have no idea...

2) customize the authentication resource, to use the existing authentication 
framework. But Where can I add the custom code that queries my database? Do I Have to 
change only the AuthAction class?

Please give some hint, or better (If you can) some code example.

Thank you a lot, and... sorry for my english ;-)

Bye,
Nesto


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Authentication framework problem

2004-01-19 Thread [EMAIL PROTECTED] 
Hi all!
I have a problem with the authentication framework.

I have the user information (in this case username/password and other info) in a 
remote MySQL database, for which I have already set a connection pool in Cocoon 
(2.1.3).
I have two ways for doing such user authentication:
1) writing a simple action that checks the user parameters (username/password) 
provided through a web form, with those stored in the database. Here the problem, for 
me, is to write java code that reuse the connection pool set for other pipelines (but 
at a transform level). I have no idea...

2) customize the authentication resource, to use the existing authentication 
framework. But Where can I add the custom code that queries my database? Do I Have to 
change only the AuthAction class?

Please give some hint, or better (If you can) some code example.

Thank you a lot, and... sorry for my english ;-)

Bye,
Nesto



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

authentication framework problem

2012-07-23 Thread Lars Huttar 
Hi all,

I'm trying to get authentication working in Cocoon 2.1.11. Everything
that I've been able to examine is working correctly, but instead of
letting certain people in, it just keeps everybody out (and shows the
redirect-to page).

Here's my handler configuration:

 

   
  
  
  
   

 

This is in a subsitemap that's in the subfolder mount/ethnologue-17-pub/
under the main Cocoon sitemap.

The authorize pipeline, in the same sitemap, is defined as:

 


   


 

This part works fine: if I go to "/authorize" in a browser, I get this
XML response:

lars_huttar...

According to this page:
http://cocoon.apache.org/2.1/developing/webapps/authentication/authenticating_user.html
the XML response just has to include the  and 
elements to indicate successful authentication. Which it does.

But if I go to a URL that's protected by that authentication handler,
such as

 

 
   


 

I get the "forbidden.html" page.

How can I trace what's going wrong?

Thanks,
Lars



-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org

Re: Authentication framework problem

2004-01-19 Thread Nicolas Toper 
I'd advise solution 2. Look in the documentation for DB handling. Basically, 
you could use the SQL transformer. This is quite easy do'nt worry )=
Le Lundi 19 Janvier 2004 12:15, [EMAIL PROTECTED] a écrit :
> Hi all!
> I have a problem with the authentication framework.
>
> I have the user information (in this case username/password and other info)
> in a remote MySQL database, for which I have already set a connection pool
> in Cocoon (2.1.3). I have two ways for doing such user authentication:
> 1) writing a simple action that checks the user parameters
> (username/password) provided through a web form, with those stored in the
> database. Here the problem, for me, is to write java code that reuse the
> connection pool set for other pipelines (but at a transform level). I have
> no idea... 
> 2) customize the authentication resource, to use the existing
> authentication framework. But Where can I add the custom code that queries
> my database? Do I Have to change only the AuthAction class?
>
> Please give some hint, or better (If you can) some code example.
>
> Thank you a lot, and... sorry for my english ;-)
>
> Bye,
> Nesto
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AW: Authentication framework problem

2004-01-19 Thread Jens Maukisch 
Hi,

> 2) customize the authentication resource, to use the existing
authentication framework. But Where > can I add the custom code that queries
my database? Do I Have to change only the AuthAction class?
This should help you:
http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=105289531706378&w=2

kind regards
Jens


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re:AW: Authentication framework problem

2004-01-19 Thread [EMAIL PROTECTED] 
Thank you Jens, but I have some doubts about this pipeline

>From  : "Jens Maukisch" [EMAIL PROTECTED]
> > 2) customize the authentication resource, to use the existing
> authentication framework. But Where > can I add the custom code that queries
> my database? Do I Have to change only the AuthAction class?
> This should help you:
> http://marc.theaimsgroup.com/?l=xml-cocoon-users&m=105289531706378&w=2
>
> kind regards
> Jens

This is the pipeline from the linked document:













The XML document loaded by the generator contains the complete list of the users of 
the portal with all the information (from the Portal sample of Cocoon).
If I want to replace the static xml document with an XSP that loads the same data from 
a database, what I have to load?
1) Do I have to select all the users of the portal everytime? (NO, I hope! What if I 
have 1000 or more users???)
2) In the case I can use request parameters I select from the database only the 
information about the current user, but this is possible only in the login step; when 
the user navigates internal pages of the portal I suppose I don't have the 
username/pasword in the request. So the doubt is: What I have to select from the 
database to create the XML ...?
With other  words: my XSP has to select form database with which parameters??

I hope I have explained the problem in an understandable way ;-)
Thank you for your answer!

Bye,
Nesto


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Authentication framework problem

2004-01-21 Thread Stefan Klein 
Hi Nesto,

not a complete answer, but some pointers that might help you:

> 1) writing a simple action that checks the user parameters
> (username/password) provided through a web form, with those stored in
> the database. Here the problem, for me, is to write java code that
> reuse the connection pool set for other pipelines (but at a transform
> level). I have no idea...

You need to get hold of the DataSourceSelector to get hold of a pooled
connection: 

1.Write an action that extends ServiceableAction. 
2.Overwrite the service method:
public void service(ServiceManager manager) 
throws ServiceException {
this.dbselector = (ServiceSelector)
manager.lookup(DataSourceComponent.ROLE + "Selector");
super.service(manager); 
}
[I am assuming dbSelector is a private field of the action of class
...avalon.framework.service.ServiceSelector.]

3. Overwrite the dispose method to release the component:
public void dispose() {
this.manager.release(this.dbselector);
super.dispose();
}

Now you can use the dbselector anywhere in your action code to obtain a
datasource which in turn can give you a connection:
DataSourceComponent datasource =
(DataSourceComponent)this.dbselector.select("nameofyourpool");
Connection conn = datasource.getConnection();

conn is of class java.sql.Connection, so from here you should be able to
get on yourself using JDBC.

NOTE: I am still not very experienced with avalon and components, so the
code might not be ideal, but it works for me. If someone has corrections,
I'd be happy to hear them.
For a good example of obtaining a pooled connection and using it, look at
the SQLTransformer.


> 2) customize the authentication resource, to use the existing
> authentication framework. But Where can I add the custom code that
> queries my database? Do I Have to change only the AuthAction class?

I don't know the authentication-framework particularly well, but the
authentication handler takes a uri that has to return some xml to grant
authorization or not, doesn't it? You could just write an esql-xsp-page
to query your database and return the xml accordingly. That would
probably be a lot easier than the action-approach, if you're already
using the framework.

HTH
Stefan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: authentication framework problem

2012-07-23 Thread Lars Huttar 
On 7/23/2012 12:37 PM, Lars Huttar wrote:
> Hi all,
>
> I'm trying to get authentication working in Cocoon 2.1.11. Everything
> that I've been able to examine is working correctly, but instead of
> letting certain people in, it just keeps everybody out (and shows the
> redirect-to page).
>
> Here's my handler configuration:
>
>  
> 
>
>uri="cocoon://mount/ethnologue-17-pub/forbidden.html"/>
>   
>uri="cocoon:raw://mount/ethnologue-17-pub/authorize"/>
>
> 
>  
>
> This is in a subsitemap that's in the subfolder mount/ethnologue-17-pub/
> under the main Cocoon sitemap.
>
> The authorize pipeline, in the same sitemap, is defined as:
>
>  
> 
> 
> value="{request-header:osso_user_dn}" />
> 
> 
>  
>
> This part works fine: if I go to "/authorize" in a browser, I get this
> XML response:
>
>  encoding="UTF-8"?>lars_huttar...
>
> According to this page:
> http://cocoon.apache.org/2.1/developing/webapps/authentication/authenticating_user.html
> the XML response just has to include the  and 
> elements to indicate successful authentication. Which it does.
>
> But if I go to a URL that's protected by that authentication handler,
> such as
>
>  
> 
> />  
>
> 
> 
>  
>
> I get the "forbidden.html" page.
>
> How can I trace what's going wrong?
>
> Thanks,
> Lars
>
>


P.S.

The code in authentication/components/PipelineAuthenticator.java has
debug logging output like

if (this.getLogger().isDebugEnabled()) {
this.getLogger().debug("END isValidAuthenticationFragment
valid=" + isValid);
}

and I have this in my WEB-INF\logkit.xconf:

 

 

So I would have expected debug logging to be enabled.
But I don't see the above debug log message or anything like it in the
WEB-INF\logs\*.log files.

I also tried turning on global debug logging:


  


Of course I got loads of output. But nothing like "END
isValidAuthenticationFragment valid=". What am I doing wrong?



Another angle: in the deprecation.log, I get

  WARN  (2012-07-23) 16:22.48:459 [deprecation]
(/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
catalina-exec-5/Deprecation.LoggerWrapper: The authentication-fw block
is deprecated. Please use the auth block instead.

Ah, I say, there is something new to replace the authentication
framework I'm using!

But in the samples/blocks folder, there is "authentication-fw" but no
"auth" block. Where do I find "auth"?


Thanks for any help.

Lars


-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org

Re: authentication framework problem

2012-07-24 Thread Lars Huttar 
On 7/23/2012 5:27 PM, Lars Huttar wrote:
>
>
>
> Another angle: in the deprecation.log, I get
>
>   WARN  (2012-07-23) 16:22.48:459 [deprecation]
> (/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
> catalina-exec-5/Deprecation.LoggerWrapper: The authentication-fw block
> is deprecated. Please use the auth block instead.
>
> Ah, I say, there is something new to replace the authentication
> framework I'm using!
>
> But in the samples/blocks folder, there is "authentication-fw" but no
> "auth" block. Where do I find "auth"?
>

I wonder if "auth" is the same as "CAuth", which I think refers to
org.apache.cocoon.auth package. [0]
But I haven't yet found documentation on how to use this package in
Cocoon 2.1.11; only JavaDoc pages.

Of the deprecated API items on [1] that have to do with authentication,
the only one that lists a replacement is

org.apache.cocoon.portal.profile.impl.AuthenticationProfileManager


  /Use the |GroupBasedProfileManager|
/


But the doc for GroupBasedProfileManager [2] says "THIS IS A WORK IN
PROGRESS - IT'S NOT FINISHED/WORKING YET".

Is CAuth the latest way to go, in 2.1.11? Is it tied to portals? (I have
no particular interest in using portal, but can if necessary in order to
get authentication in a way that works.)
 I see this in cocoon.xconf:

 
org.apache.cocoon.portal.profile.ProfileManager/CAuth

Does this mean I need to use ProfileManager, or is that just one way to
use CAuth?
When I look up authentication in Cocoon portals [3], it tells me how to
use authentication framework, which I now know is deprecated.

I feel like I've been following hints of various authentication
mechanisms through a "maze of twisty packages, all alike", and not
finding a description of one that actually works in Cocoon 2.1.11.

Help!

(I've also seen hints of Cocoon 2.1.12-dev, but AFAIK that never made it
to release. I don't foresee migrating all our apps to Cocoon 2.2 just to
add authentication to a couple of resources. Instead I would probably
use a selector or something.)

Lars

[0]
http://cocoon.apache.org/2.1/apidocs/org/apache/cocoon/auth/package-summary.html
[1] http://cocoon.apache.org/2.1/apidocs/deprecated-list.html
[2]
http://cocoon.apache.org/2.1/apidocs/org/apache/cocoon/portal/profile/impl/GroupBasedProfileManager.html
[3] http://cocoon.apache.org/2.1/developing/portal/authentication.html


-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org

Re: authentication framework problem

2012-07-24 Thread Lars Huttar 
On 7/24/2012 9:58 AM, Lars Huttar wrote:
> I wonder if "auth" is the same as "CAuth", which I think refers to
> org.apache.cocoon.auth package. [0]
> But I haven't yet found documentation on how to use this package in
> Cocoon 2.1.11; only JavaDoc pages.

The package seems to exist in Cocoon 2.1.11 [0]. I wonder if I can use
the "Cocoon Authentication" documentation from Cocoon 2.2 [1], aside
from the bean stuff?

I'd prefer to use a non-deprecated package, but I'm willing to use
whatever will do the job with the least complexity.

Lars

[0]
http://cocoon.apache.org/2.1/apidocs/org/apache/cocoon/auth/ApplicationManager.html
[1] http://cocoon.apache.org/2.2/blocks/auth/1.0/1315_1_1.html

-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org

Re: authentication framework problem

2012-07-25 Thread Lars Huttar 
On 7/24/2012 10:05 AM, Lars Huttar wrote:
> On 7/24/2012 9:58 AM, Lars Huttar wrote:
>> I wonder if "auth" is the same as "CAuth", which I think refers to
>> org.apache.cocoon.auth package. [0]
>> But I haven't yet found documentation on how to use this package in
>> Cocoon 2.1.11; only JavaDoc pages.
> The package seems to exist in Cocoon 2.1.11 [0]. I wonder if I can use
> the "Cocoon Authentication" documentation from Cocoon 2.2 [1], aside
> from the bean stuff?


I've tried this, following the instructions at [1]. The result I'm
getting is that the resource is not protected; everybody is let in,
regardless.

Here is my configuration.

In cocoon.xconf:


  
cocoon:raw://mount/ethnologue-17-pub/authorize


  
org.apache.cocoon.auth.SecurityHandler/ethnopubHandler


Some of the above is guesswork, attempting to convert from bean format
to the older Cocoon 2.1.11 format. Can anybody validate it?

In the top-level sitemap.xmap, under /:

 
 
 
 

(I copied this from the "portal" block's sitemap.)

In the mounted sub-sitemap:

 

 
   
   

 



When I put Cocoon in full DEBUG logging mode, this is the only log
output I get relevant to the authentication of the resource:

DEBUG (2012-07-24) 13:32.52:579 [sitemap]
(/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
catalina-exec-2/LoggedInAction: BEGIN act
resolver=org.apache.cocoon.environment.http.HttpEnvironment@834e7,
objectModel={response=org.apache.cocoon.environment.http.HttpResponse@c92ed6,
source-resolver=org.apache.cocoon.environment.http.HttpEnvironment@834e7, 
request=org.apache.cocoon.environment.http.HttpRequest@21f46a,
context=org.apache.cocoon.environment.http.HttpContext@13598c3,
httpresponse=org.apache.catalina.connector.ResponseFacade@1c06a6d,
org.apache.cocoon.components.CocoonComponentManager=org.apache.cocoon.components.EnvironmentDescription@18b3fee,
httpservletcontext=org.apache.catalina.core.ApplicationContextFacade@1125f92,
httprequest=org.apache.catalina.connector.RequestFacade@14096e6},
source=null, par=Parameters[r/w]:{application=ethnopubapp}
DEBUG (2012-07-24) 13:32.52:579 [sitemap]
(/mount/ethnologue-17-pub/dataset/country-header/-/-/source)
catalina-exec-2/LoggedInAction: END act map={}

Nothing in the log indicates that the authentication resource URI
("cocoon:raw://mount/ethnologue-17-pub/authorize") is even being called.


Help, anyone?

BTW I'm cross-posting this to the dev list, because nobody seems to be
responding on the user list. For previous posts in this thread, see
http://cocoon.markmail.org/thread/fgidpmwxrajormjn

Thanks,
Lars

[1] http://cocoon.apache.org/2.2/blocks/auth/1.0/1315_1_1.html


-
To unsubscribe, e-mail: users-unsubscr...@cocoon.apache.org
For additional commands, e-mail: users-h...@cocoon.apache.org

Re[2]: Authentication framework problem

2004-01-19 Thread Jens Maukisch 
Hi,

> If I want to replace the static xml document with an XSP that
> loads the same data from a database, what I have to load?

> 1) Do I have to select all the users of the portal everytime?
> (NO, I hope! What if I have 1000 or more users???)
You have just to select the user who wants to log in

> 2) In the case I can use request parameters I select from the
> database only the information about the current user, but this is
> possible only in the login step; when the user navigates internal
> pages of the portal I suppose I don't have the username/pasword in
> the request. So the doubt is: What I have to select from the
> database to create the XML
> ...?
You have to select the ID (= username) the role,
and maybe some data

> With other  words: my XSP has to select form database with which parameters??
username and password:
e.g.: select userid, userrole, ... from usertbl where userid =
$username and password = $password;

Trasform the resultset in the correct xml and then it should work
have a look at the sunrise-user.xsl and the sunrise-user.xml

hth

-- 
* best regards
* Jens Maukisch  
* www: http://www.maukisch.net



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Getting additional user's information from session object (authentication framework problem)

2004-05-16 Thread Mariusz Wojcik 



Hi 
I'd like to keep in session some 
additional information about users. My sunrise-user.xml file looks like 
this:
 
*sunrise_user.xml 
**
cocoon   cocoon   cocoon   hello12   **
 
I have no problem with getting ID, and role 
content, but when I use session transformer to get name or age I get this 
result:
 
 session transformer result 
*
cocooncocooncocooncocoon.authenticationhtml
*
As you can see my  
elements, hasn't got  and  children... why 
?
 
This is part of my_session_view.xsp 
file:
 
***my_session_view.xsp 
***
  
 

 
At the sitemap's level I have tried to do it in 
this way (but every time I get nothing). My pipeline is 
auth-protect:
 
 sitemap 
*
 

 
What I'm doing wrong ? How can I get access to 
this additional data in xsp file, and in sitemap (I need them in sitemap too :( 
) ?
 
 
greeting 
mario
 

authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

2005-06-03 Thread Ralph Lange 

Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from 
the session,

i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for 
username/pw.


This happens to appear with firefox, ie6, using konqueror it works fine.
Does anyone of you know what happens?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange





 
 
 
   
 
 authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>

  
 
   
 


  
 
 
 
   

  
 
   
 
 src="authentication/protectedresource.xsl"/>

 
 
   
  
   

 
 
 
 
 
   
   
   value="{request-param:password}"/>
   value="{request-param:resource}"/>

   
 
 
 
 
 
   
  
   

 
   
   
   
   
 
   
  
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

2005-07-12 Thread Ralph Lange 

Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from 
the session,

i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for 
username/pw.


This happens to appear with firefox, opera, using konqueror it works fine.

We already had the same problem some weeks ago, we already wrote on 
users@cocoon.apache.org about this problem.
Another user gave us the solution: 

You may have to explicitly destroy the session upon logging out. I 
experienced that a similar problem and it did work for me.



 
  .



After inserting this snippet, it worked for some weeks. Now, after 
having  put the sitemap to another location, the old problem occurs.


Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange








  

authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>

 

  



 



  

 

  

src="authentication/protectedresource.xsl"/>




  






  
  
  value="{request-param:password}"/>
  value="{request-param:resource}"/>

  





  

   
  
  
  
 
   
   
   
   
 
   
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Getting additional user's information from session object (authentication framework problem)

2004-05-16 Thread Jan Hoskens 



I'm using the authentication framework too, but to 
get something from the session, I use session-fw:
 
xmlns:xsp-session-fw=http://apache.org/xsp/session-fw/1.0
 

String roleFrag = ;
DocumentFragment nameFragment = (DocumentFragment);
 
String name = new String();
for(int i = 0; i< 
nameFragment.getChildNodes().getLength(); i++){
    
nameString.append(nameFragment.getChildNodes().item(i).getNodeValue()); 

} 

 
You can find it at the wiki's: http://wiki.cocoondev.org/Wiki.jsp?page=XspSessionFw
 
I use < .. as="object" ..> in the 
second variable because when I started using this, the <.. as="string" > 
only returned the first text node although the real text in an element may be 
split up in different text nodes. That's also why I have that for loop to append 
each text node to the string to obtain the full text. It's possible that this 
has been changed in the cvs head as I did mail it on this list and there was 
some response by the developer(s) of that logicsheet.
 
Kind Regards, 
Jan

  - Original Message - 
  From: 
  Mariusz 
  Wojcik 
  To: [EMAIL PROTECTED] 
  Sent: Sunday, May 16, 2004 7:53 PM
  Subject: Getting additional user's 
  information from session object (authentication framework problem)
  
  Hi 
  I'd like to keep in session some 
  additional information about users. My sunrise-user.xml file looks like 
  this:
   
  *sunrise_user.xml 
  **
  cocoon   cocoon   cocoon   hello12   **
   
  I have no problem with getting ID, and role 
  content, but when I use session transformer to get name or age I get this 
  result:
   
   session transformer result 
  *
  cocooncocooncocooncocoon.authenticationhtml
  *
  As you can see my  
  elements, hasn't got  and  children... why 
  ?
   
  This is part of my_session_view.xsp 
  file:
   
  ***my_session_view.xsp 
  ***
    
   
  
   
  At the sitemap's level I have tried to do it in 
  this way (but every time I get nothing). My pipeline is 
  auth-protect:
   
   sitemap 
  *
   
  
   
  What I'm doing wrong ? How can I get access 
  to this additional data in xsp file, and in sitemap (I need them in sitemap 
  too :( ) ?
   
   
  greeting 
  mario
   

Re: authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

2005-06-03 Thread Andre Juffer 

Ralph,

You may have to explicitly destroy the session upon logging out. I 
experienced that a similar problem and it did work for me.




  
   .

...


Andre.


Ralph Lange wrote:

Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from 
the session,

i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for 
username/pw.


This happens to appear with firefox, ie6, using konqueror it works fine.
Does anyone of you know what happens?

Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange





 
 
 
   
 
 authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>

  
 
   
 


  
 
 
 
   

  
 
   
 
 src="authentication/protectedresource.xsl"/>

 
 
   
 
 
 
 
 
 
   
   
   value="{request-param:password}"/>
   value="{request-param:resource}"/>

   
 
 
 
 
 
   
 
 
   
   
   
   
 
   
  
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--
Andre H. Juffer  | Phone: +358-8-553 1161
The Biocenter and| Fax: +358-8-553-1141
the Dep. of Biochemistry | Email: [EMAIL PROTECTED]
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: authentication-Framework: Problem on logout with firefox 1.0.1/ie 6

2005-07-12 Thread Andre Juffer 

Hi Ralph,

I gave you that solution you refer to in your email. The only difference 
I see between what you have and what I have, is the following. In your 
sitemap, you have:


>
>   
>   
>   
>  
>
>
>
>
>  
>
>  
> 

However, I have in my sitemap:

  

  
  


  

  

As you can see, I first do the , followed by 
the . You have it the other way around. It seems 
logical that you first do the  before you 
kill the session.


Hopes that helps,
Andre

Ralph Lange wrote:

Dear Cocoon Users,

Our setup: cocon 2.1.5.1, tomcat 5.5.4, jdk 1.5.0

We are using the cocoon authentication framework to protect
some pipelines from public access. Our prototype setup resembles
the examples closely. We implemented the Authenticator-interface
to use our own authentication adapter (DB access, logging, etc.)

We experience the following problem when logging in and out with
firefox and ie6. Logout does not remove the authentication properly from 
the session,

i.e. after having performed the "auth-logout"-action subsequent calls to
"auth-login" return the protected resource without any question for 
username/pw.


This happens to appear with firefox, opera, using konqueror it works fine.

We already had the same problem some weeks ago, we already wrote on 
users@cocoon.apache.org about this problem.

Another user gave us the solution:
You may have to explicitly destroy the session upon logging out. I 
experienced that a similar problem and it did work for me.



 
  .



After inserting this snippet, it worked for some weeks. Now, after 
having  put the sitemap to another location, the old problem occurs.


Below are the relevant sitemap snippets.

Any help is kindly appreciated,
Ralph Lange








  

authenticator="de.abs.efonds24.authentication.MyAuthenticator"/>

 

  



 



  

 

  





  






  
  
  value="{request-param:password}"/>
  value="{request-param:resource}"/>

  





  

   
  
  
  
 
   
   
   
   
 
   
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--
Andre H. Juffer  | Phone: +358-8-553 1161
The Biocenter and| Fax: +358-8-553-1141
the Dep. of Biochemistry | Email: [EMAIL PROTECTED]
University of Oulu, Finland  | WWW: 
www.biochem.oulu.fi/Biocomputing/index.html


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]