cocoon-users mailing list archives

From Merico Raffaele <>
Subject AW: Authentication question
Date Mon, 07 Nov 2005 07:25:19 GMT
Hi Gerry

It could be done in the following way:

In the <map:act type="auth-login"> where you do your login check you have
an authorisation-OK processing step. This one could be a <map:redirect-to
uri="check-user-account-status"/>. In the "check-user-account-status"
pipeline you can
a) act depending on the account status, which can be checked by a specific
b) pass control to a JavaScript that calls a pipeline depending on
its result

That's just an idea, any improvements are welcome ... Raffaele

PS: But what do you do if the user's account gets disabled while the user
is logged in? Should you not check the status on every request and design
your response processing around the possibility of an OK or NOK status? If
you did, it would solve the other problem automatically.

> -----Original Message-----
> From: Gerry Kaplan []
> Sent: Monday, 7 November 2005 04:18
> To:
> Subject: Authentication question
> My application requires an additional step for authentication. First, the
> user id and password must be validated as usual. I have this part working
> just fine. Once the user is authenticated, an additional check needs to be
> made to determine whether the user's account status is "active". If the
> user is "suspended" (possibly due to a declined credit card transaction),
> then I want the user to be redirected to a page which tells them to contact
> customer support -- they should not be allowed to be authenticated.
> What is the best way to handle this?
> Here's a simple flow for what I need:
> User fills in the login page.
> If userid/pwd correct
>    if account status is "OK"
>       redirect to user's home page
>    else
>       invalidate the user's session
>       redirect to "contact us" page
>    end-if
> Else
>    redirect to "incorrect pwd, try again" page.
> End-if
> Certainly this is a common scenario. I read through the Authentication
> framework and understand the basic authentication (which is working fine),
> but I don't understand what the additional configuration options give me
> (there are no examples of how to use them).
> Help please?
> Gerry
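
The PS in the reply above suggests checking the account status on every request instead of only at login. The following is an added sketch of that idea in plain JavaScript, not code from either poster or from Cocoon; the account table, the session object and the function names are assumptions made for the example.

```javascript
// Added example: plain JavaScript, not Cocoon flowscript or sitemap code.
// accounts, login and handleRequest are hypothetical names.

// Constructed sample data: user id -> password and current account status.
// Plaintext passwords appear only to keep the sample short.
const accounts = new Map([
  ["alice", { password: "pw-alice", status: "active" }],
  ["bob", { password: "pw-bob", status: "suspended" }],
]);

// Login flow from the original question: credentials first, then status.
function login(user, password) {
  const acct = accounts.get(user);
  if (!acct || acct.password !== password) {
    return { page: "incorrect-pwd" };
  }
  // Status is checked before a session is created, so a suspended
  // user never holds a valid session in the first place.
  if (acct.status !== "active") {
    return { page: "contact-us" };
  }
  return { page: "home", session: { user, valid: true } };
}

// Called for every protected request. The status is re-read each time,
// so a suspension that happens after login takes effect on the next hit.
function handleRequest(session, page) {
  if (!session || !session.valid) {
    return { page: "login" };
  }
  const acct = accounts.get(session.user);
  if (!acct || acct.status !== "active") {
    session.valid = false; // invalidate the existing session
    return { page: "contact-us" };
  }
  return { page, user: session.user };
}
```

With the per-request check in place, the login-time status test becomes one instance of the same rule, which is the point the PS makes.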
