cocoon-users mailing list archives

From Sebastien Arbogast <sebastien.arbog...@gmail.com>
Subject Re: Authentication alternatives
Date Fri, 29 Apr 2005 16:04:57 GMT
Thanks to Nacho, I created a few authentication methods which are
quite simple both to use and to understand. In the sitemap, when a
protected resource is requested, the requestProtectedResource flowscript
function is called:

<!--
  Catch-all matcher: any request matching "*" is handed to the flowscript
  entry point requestProtectedResource, with the matched text passed as the
  "protected-resource" parameter.
  NOTE(review): in Cocoon's wildcard syntax "*" does not span "/", so nested
  paths are not covered by this matcher and need their own protection.
  NOTE(review): the "views/..." URIs that the flowscript sends pages to are
  presumably served by another pipeline; that pipeline should be marked
  internal-only so it cannot be requested directly without passing through
  this check. Confirm against the full sitemap.
-->
<map:match pattern="*">
    <map:call function="requestProtectedResource">
        <map:parameter name="protected-resource" value="{1}"/>
    </map:call>
</map:match>

And here are the corresponding flowscript functions (which call
Spring services behind the scenes to do the business logic):

/**
 * Flowscript entry point called by the sitemap for a protected resource.
 *
 * Reads the "protected-resource" sitemap parameter and either serves it
 * (session already authenticated) or starts the login flow for it.
 */
function requestProtectedResource(){
    var requested = cocoon.parameters["protected-resource"];

    // Callers without an authenticated session go through the login form
    // first; login() continues to the resource itself on success.
    if(!authenticated()){
        login(requested);
        return;
    }

    // Authentication alone is not enough: accessProtectedResource() still
    // runs the per-resource authorization check before sending the page.
    accessProtectedResource(requested);
}
 
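/**
 * Tells whether the current session belongs to a logged-in user.
 *
 * The marker is the "username" session attribute that login() sets and
 * logout() removes. It is read through getAttribute(), the same accessor
 * authorized() uses, so every function in this file looks at the session
 * in one consistent way.
 *
 * @return {boolean} true when a "username" attribute is present.
 */
function authenticated(){
    return cocoon.session.getAttribute("username") != null;
}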
 
/**
 * Sends the requested view if the current user is authorized for it,
 * otherwise sends the "not-authorized" error message view.
 *
 * @param protectedResource  resource name from the sitemap; null or
 *                           undefined sends the "" page instead of a view.
 */
function accessProtectedResource(protectedResource){
    // Deny first: nothing below runs unless the authorization check passed.
    if(!authorized(protectedResource)){
        cocoon.sendPage("views/message", {message: "not-authorized", type: "error"});
        return;
    }

    // NOTE(review): the resource name is concatenated into the view URI as
    // is; this relies on the sitemap matcher and authorized() to limit it
    // to known view names. TODO confirm.
    var page = (protectedResource == null) ? "" : "views/" + protectedResource;
    cocoon.sendPage(page);
}
 
/**
 * Asks the sites service whether the logged-in user may access a resource.
 *
 * The user name is taken from the server-side session attribute, not from
 * anything in the request.
 *
 * @param protectedResource  resource name to check.
 * @return whatever sites.checkAuthorization(username, resource) returns.
 */
function authorized(protectedResource){
    // getSites() is defined elsewhere; presumably it makes the global
    // `sites` service available. TODO confirm.
    getSites();
    var currentUser = cocoon.session.getAttribute("username");
    var decision = sites.checkAuthorization(currentUser, protectedResource);
    return decision;
}
 
/**
 * Shows the login form, checks the submitted credentials with the users
 * service and, on success, marks the session as authenticated before
 * continuing to the originally requested resource.
 *
 * @param protectedResource  resource the user asked for before logging in.
 */
function login(protectedResource){
    // getUsers() is defined elsewhere; presumably it makes the global
    // `users` service available. TODO confirm.
    getUsers();

    var loginForm = new Form("forms/login_d.xml");
    loginForm.showForm("forms/login");
    var credentials = loginForm.getModel();

    var user = users.authenticateUser(credentials.username, credentials.password);

    // NOTE(review): a failed attempt only shows the error page; nothing
    // here logs or throttles repeated failures. Confirm whether the users
    // service handles that.
    if(user == null){
        cocoon.sendPage("views/incorrect-login");
        return;
    }

    // NOTE(review): the attribute is set on the session that already
    // existed before login, so the session id is not renewed at this
    // point. Consider issuing a fresh session on successful login so a
    // pre-login session id cannot carry over. Confirm against deployment.
    cocoon.session.setAttribute("username", user.getName());
    accessProtectedResource(protectedResource);
}

/**
 * Logs the user out by dropping the "username" session attribute, then
 * sends the "" page.
 */
function logout(){
    var session = cocoon.session;

    // NOTE(review): only the authentication marker is removed; the session
    // itself and anything else stored in it stay alive. Invalidating the
    // whole session at logout is the safer default if nothing else depends
    // on it. Confirm.
    session.removeAttribute("username");
    cocoon.sendPage("");
}

It's not very generic, and I still need to run a few "monkey tests" and
use the Session framework instead of the raw session, but it gives a
general idea of what can be done without an authentication framework
when you have a clean business layer.

When I finish those tests I'll have a look at CoWarp.

-- 
Sebastien ARBOGAST
