On Wed, 2005-12-14 at 15:52 +0100, Antonio Fiol Bonnín wrote:
> 2005/12/13, Stan Dyck <[EMAIL PROTECTED]>:
> > The question is how to do a lookup for the content of the second page
> > after the sendPageAndWait call in my flowscript. My script calls the
> > login method on an AuthenticationManager to verify authentication. I use
> > this as my check for passing onto the second phase, so I figured that
> > I'd have an authentication context that I could pull data from. But I
> > can't figure out how to access this context (or any other, for that
> > matter) from within a flowscript.
>
> Not sure if it may help, but I have this code on my app, and it is working.
>
> ...
> var contextMan =
>   cocoon.getComponent(Packages.org.apache.cocoon.webapps.session.ContextManager.ROLE);
> var authContext = contextMan.getContext("authentication");
> if(authContext!=null) {
>   var userFrag = authContext.getXML("/authentication/ID");
>   var username =
>     Packages.org.apache.cocoon.xml.dom.DOMUtil.getValueOfNode(userFrag);
>   // Get the permission information from the session
>   var userData = authContext.getXML("/authentication/data/permisos");
> ...
>
> HTH,
>
> --
> Antonio

Thanks, Antonio! I was actually taking this approach with some success until I realized that I had a Mack truck-sized hole in my approach. I'll detail below for the archives.

The flowscript function for the first form in the two-phase authentication was calling the login method of the AuthenticationManager. This allowed me to verify a user name and password and look up information for the second phase form. The problem is that it appears that once the login method is called and returns a non-null value, as far as Cocoon is concerned, the user is authenticated; a session is generated and an authentication context exists. That means that a user can bypass the second phase form and go directly to protected content.

My workaround has been to write a separate authenticating class that does not use the login method. The first form uses this custom class to verify user id/password credentials. The second form then uses the user id to construct the second form. When the second form is successfully processed, the login method is called and the authentication context is constructed.

I realize I'm a little light on details here, but if anyone has bothered to read to this point and sees any glaring holes in this approach, I'd appreciate it if you'd let me know.

Thanks,
StanD.
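
The bypass described in the message above and the deferred-login workaround, modelled as an added example (not code from the thread and not Cocoon's API): the plain-object session, `verifyPassword`, `checkSecondFactor`, `login` and the user record are hypothetical stand-ins. It also shows one point to check in the workaround: the second phase takes the user id from server-side state set by the first phase, never from the submitted form.

```javascript
// Constructed sample data; none of this is Cocoon's AuthenticationManager API.
const USERS = { stan: { password: "pw1", answer: "blue" } };
const known = (id) => Object.prototype.hasOwnProperty.call(USERS, id);

// Hypothetical credential checks standing in for the custom authenticating class.
function verifyPassword(id, pw) { return known(id) && USERS[id].password === pw; }
function checkSecondFactor(id, answer) { return known(id) && USERS[id].answer === answer; }

// Stand-in for login(): creates the authentication context in the session.
function login(session, id) { session.authContext = { id: id }; }

// Protected content only asks whether an authentication context exists.
function canViewProtected(session) { return session.authContext != null; }

// Flawed flow: login() runs in phase 1, so the context exists before phase 2.
function phase1Flawed(session, id, pw) {
  if (!verifyPassword(id, pw)) return false;
  login(session, id);
  return true;
}

// Workaround: phase 1 records only a pending user id, kept server-side.
function phase1(session, id, pw) {
  delete session.pendingId;              // a new attempt discards any old one
  if (!verifyPassword(id, pw)) return false;
  session.pendingId = id;
  return true;
}

// Phase 2 reads the user id from the session, not from the request, and
// calls login() only after the second check succeeds.
function phase2(session, answer) {
  const id = session.pendingId;
  delete session.pendingId;              // one phase-2 attempt per phase-1 success
  if (id === undefined || !checkSecondFactor(id, answer)) return false;
  login(session, id);
  return true;
}
```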