Hi Alex,

As I said, the filter comes with an example war-file and that works pretty well!
Copying the jsp-files to the root of myapp and integrating it to the web-xml as posted in my last mail, it also works there!

But in most Webapps the needed files are placed in the root directory or on subs, but never inside the WEB-INF directory, just like in OF and that seems to be the problem!!!
Using OF I placed myapp into WEB-INF/resources/apps/myapp and that directory can't be accessed from files out of the root directory. Do you understand my problem???
I need to know how I can access files inside the WEB-INF, when normal webapps are never using that dir for normal files, just for jar and class files, but never jsp, html, xhtml or anything like that! But OF is working there...

Hope I could make my problem more clear. Sorry, I'm not so good in English and I hardly try to do my best :-( Also I have to mention that not for every "software" there is a help-forum :-(
But in this case the problem is, how to access files inside the WEB-INF where OFs webapps are stored, you understand?

Thanks, Marcus

----- Original Message -----
From: "Alessandro Vernet" <[hidden email]>
To: <[hidden email]>
Sent: Tuesday, May 01, 2007 1:16 AM
Subject: Re: [ops-users] Authentication with Session-Variables?

> On 4/30/07, Marcus <[hidden email]> wrote:
>> The Security-Authentication-Filter works by itself. But there all the files
>> are stored inside the standard root-directory. And there all works fine.
>> Then I tried to store some kind of "secret-page" into a subdirectory inside
>> the WEB-INF, just like in OF the examples are stored into
>> WEB-INF/resources/apps/myapp/secure.jsp. Note that this testversion doesn't
>> work! Neither on its own, nor together with OF :-(
>
> Hi Marcus,
>
> My recommendation is to first try to get the
> Security-Authentication-Filter working by itself, with some simple JSP
> file which does not generate XForms, and does not go through Orbeon
> Forms. If you have questions regarding this step, I recommend you ask
> them on the mailing list or forum set up for that filter. You will be
> more likely to find people there who are familiar with that piece of
> software and who will be able to help you.
>
> Alex
> --
> Orbeon Forms - Web 2.0 Forms for the Enterprise
> http://www.orbeon.com/

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
Hi Marcus,
On 4/30/07, Marcus <[hidden email]> wrote:
> As I said, the filter comes with an example war-file and that works pretty
> well!
> Copying the jsp-files to the root of myapp and integrating it to the web-xml
> as posted in my last mail, it also works there!

OK, good. Sorry, I misunderstood your previous message.

> But in most Webapps the needed files are placed in the root directory or on
> subs, but never inside the WEB-INF directory, just like in OF and that seems
> to be the problem!!!

I am looking at the structure of securityfilter-basic.war that comes with the filter, and you should be able to keep the same structure, with the JSP files required by the security filter at the root of the WAR file. You shouldn't need to add any file under WEB-INF/resources, and your application should be left unchanged.

Alex
Marcus,
All the files under WEB-INF are hidden from the outside world, by design (Servlet spec). This means you cannot directly access JSP files or HTML files under WEB-INF with a direct URL, e.g. you can't have:

http://localhost:8080/ops/WEB-INF/my-page.jsp

(However, I think that a JSP or servlet accessible from the outside world can forward to a JSP or other resource which is private.)

But I am not sure any of this should matter much, because what you want to protect are external URLs.

In Orbeon Forms, there is a difference between the external path of a page, which is defined by a mapping in a page flow, and the internal location of the resources used to create that page.

Resources happen to be under WEB-INF/resources (the default), because we don't want these resources to be publicly visible by default. E.g. we don't want users of the application to be able to download the XForms, XSLT, XPL, or other configuration files that make up your application. We just want them to be able to see the resulting page.

-Erik
--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/
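Added example (not part of the original thread, and not code from the security filter or from Orbeon Forms): the forward Erik mentions above, written as a servlet that checks a session variable and only then forwards to a JSP kept under WEB-INF. The class name, session attribute name and all paths are hypothetical, and the servlet is assumed to be mapped in web.xml to a public URL such as /admin/secure.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical public entry point for a page whose JSP lives under WEB-INF.
public class SecurePageServlet extends HttpServlet {

    // Hypothetical session attribute, set by the login code after a successful login.
    private static final String USER_ATTRIBUTE = "authenticatedUser";

    // Private view: the container refuses direct browser requests for /WEB-INF/...
    private static final String PRIVATE_VIEW = "/WEB-INF/private/secure.jsp";

    // Hypothetical public login page, relative to the context path.
    private static final String LOGIN_PAGE = "/admin/login.jsp";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // getSession(false): do not create a session just to test for a login.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null
                && session.getAttribute(USER_ATTRIBUTE) != null;

        if (!loggedIn) {
            // Anonymous request: redirect to the login page and stop here,
            // so the private view is never rendered.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Keep browsers and proxies from storing the protected page.
        response.setHeader("Cache-Control", "no-store");

        // Server-side forward. The target is a constant, never built from
        // request parameters, so a client cannot choose which file under
        // WEB-INF gets served.
        request.getRequestDispatcher(PRIVATE_VIEW).forward(request, response);
    }
}
```

The browser only ever sees the public URL; the path under WEB-INF stays internal, which is the same split between external path and internal resource location that the page flow provides.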
Hi Erik,
After a long time of testing and configuration I got it to work :-)
At the moment I placed my jsp-files coming with the filter in a subdir admin under the root dir, cause every time I tried to browse myapp it directly leads me to the login. I think that was because of index.jsp being stored in the root dir. Now, placed the files in the subdir, the app uses the page-flow and forwards me to my startpage!

So long so good, but now I have some new questions:

First of all, the standard CSS won't be loaded any more - don't know why, but my app is now viewed without any styles out of the css :-( I don't think that should be that way, but with the security-filter working, the css is not applied to my pages any more :-(

Second problem is, I think I need access to the OF files as well, because an app-designed login-form in xhtml will look much more professional and therefore it would be good to work with xforms and OF to apply the epilogue and the css, don't you think?

And last but not least, I need to call the session-invalid() function right from myapp as a kind of trigger or submission. And also the session should become invalid when the user leaves the admin-section, so that the session.invalid() function should be called automatically by loading another section - can you tell me how I can achieve that? Could this also be done with the page-flow or do I need another workaround?

I thought after successfully integrating that security authentication filter I offer to write a little documentation for all the others after finishing my exam, so that in the future this option could be used by everyone without having all the starting problems. What do you think? Would it be worth the work and a useful paper for your doc?

Thanks, Marcus
Marcus,
> First of all, the standard CSS won't be loaded any more - don't know
> why, but my app is now viewed without any styles out of the css :-( I
> don't think that should be that way, but with the security-filter
> working, the css is not applied to my pages any more :-(

It could be that your filter blocks access to CSS files. Try entering the path to the CSS file by hand in your browser URL bar to see what happens.

> Second problem is, I think I need access to the OF files as well,
> because an app-designed login-form in xhtml will look much more
> professional and therefore it would be good to work with xforms and
> OF to apply the epilogue and the css, don't you think?

Of course. But I don't understand what you mean that you "need access to the OF files as well". If you declare your login page in your page flow, it will go through the XForms engine and the epilogue like any other page.

> And last but not least, I need to call the session-invalid()
> function right from myapp as a kind of trigger or submission. And
> also the session should become invalid when the user leaves the
> admin-section, so that the session.invalid() function should be
> called automatically by loading another section - can you tell me how
> I can achieve that? Could this also be done with the page-flow or
> do I need another workaround?

You can invalidate the session with the oxf:session-invalidator processor:

http://www.orbeon.com/ops/doc/reference-authentication#logout

> I thought after successfully integrating that security authentication
> filter I offer to write a little documentation for all the others
> after finishing my exam, so that in the future this option could be
> used by everyone without having all the starting problems. What do
> you think? Would it be worth the work and a useful paper for your
> doc?

If well-written, without any doubt :-)

-Erik
Hi Erik,
The CSS is stored inside the WEB-INF, so it can't be accessed directly via URL in my browser.
Or will I have to define it too in the page-flow?

What I meant with "I need access to the OF files" is just the same point since 2 days. Files stored inside the WEB-INF are hidden from the outside and can't be accessed directly as you said. Or will I have to define every page, I want to connect to, with the page-flow and so be able to access them?

I'll try the session-invalidator and also try to give you after all a "well-written" version of what I've done to make this filter work, but of course, I know that my English isn't very well, I'll try my best!

Marcus
Marcus,
> The CSS is stored inside the WEB-INF, so it can't be accessed directly
> via URL in my browser.
> Or will I have to define it too in the page-flow?

Your top-level page flow by default has this entry:

    <files path-info="*.css"/>

and similar ones for common extensions. This allows the Page Flow Controller to serve such resources from under WEB-INF/resources. This assumes that requests to *.css files reach the Orbeon Forms servlet, which is the case with the default web.xml provided. See also:

http://www.orbeon.com/ops/doc/reference-page-flow#files

> What I meant with "I need access to the OF files" is just the same point
> since 2 days. Files stored inside the WEB-INF are hidden from the
> outside and can't be accessed directly as you said. Or will I have to
> define every page, I want to connect to, with the page-flow and so be
> able to access them?

Yes and no. One typical way of doing things is to define each page in the page flow. The page flow also supports wildcards and matchers, so you could have a single entry like this, for example:

    <page path-info="/myapp/foo/(.+)" matcher="oxf:perl5-matcher" view="apps/${1}.xhtml"/>

-Erik