Hello Matthew,

Let me start by commending you on the well-written article; however, I have some questions.

I have played around with the sunshine basic authentication and it works; however, my requirements are the following. Please advise whether this can be achieved with the current architecture or whether I should forego using sunRise.

Following is the pipeline fragment:

    <map:match pattern="protected/**">
      <map:act type="sunRise-auth">
        <map:parameter name="handler" value="foo-handler"/>
      </map:act>
      <map:generate type="serverpages" src="docs/xsp/{1}" />
      <map:transform src="stylesheets/html/mainhtml.xsl" />
      <map:serialize />
    </map:match>

The requirement is that any pattern with URI protected/* should be authenticated. Let me explain what would happen:

1. For the first access to the protected/* resource
2. The sunrise Auth action redirects the request to the login page
3. The pipeline for login page will throw an HTML page that calls the pipeline foo-login.
   a. If the login is successful then it gets redirected to foo-protected
   b. If failure it executes the pipeline fragment defined outside the action sunRise-login

Question: For first-time access, how does foo-authUser get called at all?

If the access for the protected is not the first time:

1. The URI for authentication is invoked, in this case foo-authuser. If there is a validation against database, for each access there is database access (am I right?).
2. If there is a failure in authuser (e.g. password changed somehow or user was made inactive in database), what will happen?

If the access to the protected/* had some request parameters, e.g. /protected/testXSP?param=a&param2=b: since there is a URL post to the login page, wouldn't the request be re-written and all the parameters get lost, and when the user is redirected to the original URL the request object is not the original one?

In the context of the above example:

1. User requests the URL /protected/testXSP?param1=a&param2=b
2. Let us assume that this is the first access. The user is redirected to the login page.
3. User enters user id and password and then presses submit button.
4. The user gets authenticated and gets redirected to the original resource /protected/testXSP.

How will I get the original request parameters param1 & param2? Since the user was redirected many times the request object is not the original one.

In my view, sunshine authentication should only be used for login and not for page-level authentication, as the user may lose the request parameters. (I hope I am wrong.)

Also in the tutorial (http://www.need-a-cake.com/stories/2002/02/28/usingTheSunriseComponents.html), there is a mention about how to ensure that the user gets redirected to the original requested resource. Should the sunrise Action be modified (by code) to achieve this, or is it possible with configuration? (How do I pass the resource parameter from pipeline fragment to the sunrise Action?) Can anyone describe the setup, if one has achieved this?

Sorry for the lengthy mail, I hope I've stated my case...

Regds,
Chiths
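
The round trip asked about above, as an added framework-independent sketch (not part of the original mail, and not Cocoon or sunRise code): the full original target, query string included, travels through the login step in one `resource` parameter and is accepted afterwards only if it is a local path under the protected area. `LOGIN_PATH`, `DEFAULT_TARGET` and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

LOGIN_PATH = "/login"                  # hypothetical login page URI
PROTECTED_PREFIX = "/protected/"       # mirrors the protected/** pattern in the mail
DEFAULT_TARGET = "/protected/index"    # hypothetical fallback after login


def login_redirect(original_target: str) -> str:
    """Redirect for an unauthenticated request: the original path AND query
    string are percent-encoded into a single 'resource' parameter."""
    return LOGIN_PATH + "?" + urlencode({"resource": original_target})


def safe_return_target(resource: str) -> str:
    """Return the resource only if it is a local path under PROTECTED_PREFIX.
    Anything else falls back to DEFAULT_TARGET, so the login step cannot be
    used to bounce a user to another site."""
    parts = urlsplit(resource)
    if parts.scheme or parts.netloc:           # absolute or //host form
        return DEFAULT_TARGET
    if "\\" in resource:                       # browsers may treat \ as /
        return DEFAULT_TARGET
    if not parts.path.startswith(PROTECTED_PREFIX):
        return DEFAULT_TARGET
    if ".." in parts.path.split("/"):          # no climbing out of the prefix
        return DEFAULT_TARGET
    return resource


def target_after_login(login_url: str) -> str:
    """After a successful login, recover the validated original target from
    the URL (or hidden form field) the login page was served with."""
    query = parse_qs(urlsplit(login_url).query)
    resource = query.get("resource", [DEFAULT_TARGET])[0]
    return safe_return_target(resource)


if __name__ == "__main__":
    original = "/protected/testXSP?param1=a&param2=b"   # URL from the mail
    step1 = login_redirect(original)
    print(step1)
    print(target_after_login(step1))
```

With a form-based login the same value would be echoed into a hidden field and validated on submit, before the final redirect is issued.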