I didn't have the answers to your questions immediately but I have done some digging throught he source code and can hopefully give you a head start on your understanding...
Sonny Sukumar wrote:
[2 of these questions I sent a couple days ago but got no reply and haven't figured them out. They pertain to Cocoon's Authentication Framework. Thanks.]
These 3 questions are based on this doc: http://cocoon.apache.org/2.1/developing/webapps/authentication.html
1.) The doc states "If the authentication is successful, a session object is created on the server (if not already done). If the authentication fails, the error information delivered by the authentication resource is stored into the temporary context (which is named simply 'temp')."
Question: Where is this 'temp' context stored, if not in the session?
The temporary context is stored in the session and it is stored with the key "temporary" or more specifically in the org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator
you will find reference to the SessionConstants.TEMPORARY_CONTEXT being used. This is used in conjunction with the SessionManager.
2.) Where is the "login" tag of the login resource referred to in this statement?:
'If the authentication is not successful, the resource must create an XML with the root node "authentication". In addition a "data" node can be added containing more information about the unsuccessful attempt. **This data node is then added inside the "login" tag of the login resource.**'
I'm not sure that a login tag is created. The temprary context should contain an XML fragment which looks like the following:
<authentication>
<failed/>
<data>Any error message which was set by your authentication handler</data>
</authentication>
This I get from reading the few lines above the SessionConstants.TEMPORARY_CONTEXT code I mentioned above.
3.) Is it necessary to use the "raw:" subprotocol here for not forwarding request params? As in:
<handler name="unique"> <!-- The login resource --> <redirect-to uri="cocoon:raw://loginpage"/> <authentication uri="cocoon:raw://authenticationresource"/> </handler>
It says "...this resource is requested by the framework with the given parameters from the auth-login action" referring to the authentication resource, so perhaps the "raw:" subprotocol is there to prevent duplicate request params? I'm just guessing here...
I'll leave you to your guess here.
I hope I've at least been able to provide a little help.
Andrew
Thanks,
Sonny
_________________________________________________________________
<b>Get MSN 8</b> and enjoy automatic e-mail virus protection. http://join.msn.com/?page=features/virus
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
