Thanks for the reply...
As Ard pointed out I need to have an external pipleine for the cron.
In our environment, we have internet and intranet URLs that are
accessible. I can put a check that would only allow the pipeline to be
executed from intranet, but that is not what I need.
I need to check(in the cron pipeline) that it is being executed by the
CRON JOB and not by any external user request. This is the only way I
can prevent unauthorized access to the cron pipeline.
Thanks
Sanket
On 5/9/07, Ard Schrijvers <[EMAIL PROTECTED]> wrote:
Hello,
think I kind of know the setup of Sanket: he needs an external pipeline,
because a host needs to be matched.
@Sanket: you might add a "non-external-existing" host in your sites.xconf, and use
external pipeline. From the outside, nobody will be able to run this one, right. Or, you do have a
normal external pipeline, but you add the port number your cocoon instance is running under, and
you make sure this request cannot be done from "outside"
Ard
>
> Hi Sanket,
>
> do I understand you correct. You want your cronjob to execute an
> external pipeline on the same cocoon instance the cron job is
> runing and
> want to prevent external users from accessing the same pipeline
> manually? Why not use an internal pipeline instead? You could
> create an
> internal pipeline and har code authentication in this pipeline
>
> <map:pipeline internal-only="true">
> <map:match pattern="some-cron-pipeline">
> <map:act type="auth-login">
> <map:parameter name="handler"
> value="authhandler"/>
> <map:parameter name="parameter_username"
> value="{request-param:username}"/>
> <map:parameter name="parameter_password"
> value="{request-param:password}"/>
> <map:parameter name="session-timeout"
> value="540"/>
> <map:act type="auth-protect">
> <map:parameter name="handler"
> value="authhandler"/>
> <map:generate/>
> <map:transform/>
> <map:serialize/>
> </map:act>
> </map:act>
> </map:match>
>
> Havent tested this thogh ...my CronJobs don't need
> authentication since
> they are internal pipelines and I allways know who I am ;)
>
> Chris
>
> Sanket Pattekar schrieb:
> > Hi,
> >
> > I am using a cron job that fires daily, which call the pipeline as
> > follows
> >
> > <component
> > class="org.apache.cocoon.components.cron.CocoonPipelineCronJob"
> > logger="core"
> > role="org.apache.cocoon.components.cron.CronJob/pipeline-daily">
> > <pipeline>some-external-pipeline</pipeline>
> > </component>
> >
> > The above cron job uses an extaernal pipeline, it can also
> be accessed
> > by the external user. I want to prevent the same, and some
> > authentication, so that this pipeline is only executed when called
> > from a cron job and not explicitly.
> >
> > Is there any I can check the same.
> >
> > Sanket
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
