Authentication with Session-Variables?
Locked
12
12
 
|
Hi,
i need Authentication with my webapp. My Problem
is, that i don#t have access to the tomcat-files, so i need another way to do
that! I thought perhaps i can deal with some session variables or something like
that? eXist offers some kind of session-variables which i can set and request.
Is there anything similar within OPS? Can't find an example or information on
that - did i searched the wrong places?
The workflow would be:
1. Login over a simple Login-Page with
xforms?
2. Set Sessions Variables with username and
password
3. while dealing with exist use that information
within xxforms:username and xxforms:password
4. at the end logout and delete the
session-variables
Is that possible? Where can i find more information
on that?
Any help is very welcome,
thanks, Marcus
-- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
Hi Marcus,
You can store XML documents in the session with the Scope serializer, and retrieve them with the Scope generator. See: http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer http://www.orbeon.com/ops/doc/processors-generators#scope-generator One downside of not using the container (Tomcat) authentication is that you will need to add some code to each page. You can get around this by adding this code automatically to all your page in the epilogue. Alex On 4/24/07, Marcus <[hidden email]> wrote: > > > Hi, > > i need Authentication with my webapp. My Problem is, that i don#t have > access to the tomcat-files, so i need another way to do that! I thought > perhaps i can deal with some session variables or something like that? eXist > offers some kind of session-variables which i can set and request. Is there > anything similar within OPS? Can't find an example or information on that - > did i searched the wrong places? > > The workflow would be: > 1. Login over a simple Login-Page with xforms? > 2. Set Sessions Variables with username and password > 3. while dealing with exist use that information within xxforms:username and > xxforms:password > 4. at the end logout and delete the session-variables > > Is that possible? Where can i find more information on that? > > Any help is very welcome, > thanks, Marcus > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi,
thanks for the fast answer. The Scope seems to be a good oportunity to save those data. As a have not worked with pipelines and prozessors before, are there easy examples where i can find some code fragments, showing me how to use that? Binding a testcase that requests the scope data and than shows the page or redirects to the login-page i think was the "workaround" you ment, didn't you? Shouldn't something like that be tested within the xforms-ready-aktion? Does the epiloge provides that possibility or is it ok to have two xforms-ready-actions in one document? Also i need the pipelines for automatic generating xquery statements for requesting the exist db i think. I want to provide a search form and with those data (search-phrase, tables to search in, filters, search-method, ...) stored in a simple instance i have to produce then an automatic generated xquery statement and query the exist-db. I don't think that somethink similar to that could be found in one of your examples? Thanks for your support! Marcus ----- Original Message ----- From: "Alessandro Vernet" <[hidden email]> To: <[hidden email]> Sent: Wednesday, April 25, 2007 3:16 AM Subject: Re: [ops-users] Authentication with Session-Variables? > Hi Marcus, > > You can store XML documents in the session with the Scope serializer, > and retrieve them with the Scope generator. See: > > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer > http://www.orbeon.com/ops/doc/processors-generators#scope-generator > > One downside of not using the container (Tomcat) authentication is > that you will need to add some code to each page. You can get around > this by adding this code automatically to all your page in the > epilogue. > > Alex > > On 4/24/07, Marcus <[hidden email]> wrote: >> >> >> Hi, >> >> i need Authentication with my webapp. My Problem is, that i don#t have >> access to the tomcat-files, so i need another way to do that! I thought >> perhaps i can deal with some session variables or something like that? >> eXist >> offers some kind of session-variables which i can set and request. Is >> there >> anything similar within OPS? Can't find an example or information on >> that - >> did i searched the wrong places? >> >> The workflow would be: >> 1. Login over a simple Login-Page with xforms? >> 2. Set Sessions Variables with username and password >> 3. while dealing with exist use that information within xxforms:username >> and >> xxforms:password >> 4. at the end logout and delete the session-variables >> >> Is that possible? Where can i find more information on that? >> >> Any help is very welcome, >> thanks, Marcus >> >> -- >> You receive this message as a subscriber of the [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> >> > > > -- > Orbeon Forms - Web 2.0 Forms for the Enterprise > http://www.orbeon.com/ > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
Hi Marcus,
You can have multiple action handlers for xforms-ready in your XForms model. And you can find examples of XPL files in the examples, under that apps directory. But the more I think about this, the less I like it. Letting the container handle authentication works really well. Is there really no way you can do this at the container (e.g. Tomcat) level? If you can't modify any of the container files, maybe another option is to do the authentication with a servlet filter. Would this work better? Alex On 4/24/07, Marcus <[hidden email]> wrote: > Hi, > thanks for the fast answer. The Scope seems to be a good oportunity to save > those data. > As a have not worked with pipelines and prozessors before, are there easy > examples where i can find some code fragments, showing me how to use that? > Binding a testcase that requests the scope data and than shows the page or > redirects to the login-page i think was the "workaround" you ment, didn't > you? Shouldn't something like that be tested within the xforms-ready-aktion? > Does the epiloge provides that possibility or is it ok to have two > xforms-ready-actions in one document? > > Also i need the pipelines for automatic generating xquery statements for > requesting the exist db i think. I want to provide a search form and with > those data (search-phrase, tables to search in, filters, search-method, ...) > stored in a simple instance i have to produce then an automatic generated > xquery statement and query the exist-db. I don't think that somethink > similar to that could be found in one of your examples? > > Thanks for your support! > Marcus > > ----- Original Message ----- > From: "Alessandro Vernet" <[hidden email]> > To: <[hidden email]> > Sent: Wednesday, April 25, 2007 3:16 AM > Subject: Re: [ops-users] Authentication with Session-Variables? > > > > Hi Marcus, > > > > You can store XML documents in the session with the Scope serializer, > > and retrieve them with the Scope generator. See: > > > > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer > > http://www.orbeon.com/ops/doc/processors-generators#scope-generator > > > > One downside of not using the container (Tomcat) authentication is > > that you will need to add some code to each page. You can get around > > this by adding this code automatically to all your page in the > > epilogue. > > > > Alex > > > > On 4/24/07, Marcus <[hidden email]> wrote: > >> > >> > >> Hi, > >> > >> i need Authentication with my webapp. My Problem is, that i don#t have > >> access to the tomcat-files, so i need another way to do that! I thought > >> perhaps i can deal with some session variables or something like that? > >> eXist > >> offers some kind of session-variables which i can set and request. Is > >> there > >> anything similar within OPS? Can't find an example or information on > >> that - > >> did i searched the wrong places? > >> > >> The workflow would be: > >> 1. Login over a simple Login-Page with xforms? > >> 2. Set Sessions Variables with username and password > >> 3. while dealing with exist use that information within xxforms:username > >> and > >> xxforms:password > >> 4. at the end logout and delete the session-variables > >> > >> Is that possible? Where can i find more information on that? > >> > >> Any help is very welcome, > >> thanks, Marcus > >> > >> -- > >> You receive this message as a subscriber of the [hidden email] > >> mailing list. > >> To unsubscribe: mailto:[hidden email] > >> For general help: mailto:[hidden email]?subject=help > >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > >> > >> > > > > > > -- > > Orbeon Forms - Web 2.0 Forms for the Enterprise > > http://www.orbeon.com/ > > > > > > > -------------------------------------------------------------------------------- > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > > mailing list. > > To unsubscribe: mailto:[hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi ,
ok, some background on my project. I study Informatic and right now i have to do my last exam. For that i have to programm a database-application for another project. The have to collect some data for later presentation and searching on the web. So there should be two seperate sections. One administration section, to enter, update or delete data and than the normal user-section, where you can search for, display and save the searched datafiles. Therefor i used your government example for collecting the data within different forms and now i have to make the administration section secure, so i need a user login! The problem with the tomcat container is, that i have no access rights. The only thing i can do is to deploy my application there. For every restart i have to mail the webadmin and i asked him about the tomcat-user-configuration and he said i shouldn't work with that. Now i looking for another workaround. I'm very new in working with OPS and eXist and the whole XML-theme, but i'm very interessted in it and perhaps my job after finished my study in 2-3 months will also be building webapplications with XML. As you may have noticed, I#m writting very often to the help-forum and thats why i havn't got much time left. I also have to do my written work very urgent. :-(( In the beginning i lost much time with trying every thing by myself - i love learning by doing, but at the moment i need some help with the big themes left. I hope in the future i'll be able to support the help-forum more while developing webapps at my job and so give something back. You do a great work... So, sorry for the little story - back to your question: What is a Servlet-Filter and where can i find information on that? Perhaps i can use that, but i don't know how :-( Marcus ----- Original Message ----- From: "Alessandro Vernet" <[hidden email]> To: <[hidden email]> Sent: Thursday, April 26, 2007 1:25 AM Subject: Re: [ops-users] Authentication with Session-Variables? > Hi Marcus, > > You can have multiple action handlers for xforms-ready in your XForms > model. And you can find examples of XPL files in the examples, under > that apps directory. But the more I think about this, the less I like > it. Letting the container handle authentication works really well. Is > there really no way you can do this at the container (e.g. Tomcat) > level? > > If you can't modify any of the container files, maybe another option > is to do the authentication with a servlet filter. Would this work > better? > > Alex > > On 4/24/07, Marcus <[hidden email]> wrote: >> Hi, >> thanks for the fast answer. The Scope seems to be a good oportunity to >> save >> those data. >> As a have not worked with pipelines and prozessors before, are there easy >> examples where i can find some code fragments, showing me how to use >> that? >> Binding a testcase that requests the scope data and than shows the page >> or >> redirects to the login-page i think was the "workaround" you ment, didn't >> you? Shouldn't something like that be tested within the >> xforms-ready-aktion? >> Does the epiloge provides that possibility or is it ok to have two >> xforms-ready-actions in one document? >> >> Also i need the pipelines for automatic generating xquery statements for >> requesting the exist db i think. I want to provide a search form and with >> those data (search-phrase, tables to search in, filters, search-method, >> ...) >> stored in a simple instance i have to produce then an automatic generated >> xquery statement and query the exist-db. I don't think that somethink >> similar to that could be found in one of your examples? >> >> Thanks for your support! >> Marcus >> >> ----- Original Message ----- >> From: "Alessandro Vernet" <[hidden email]> >> To: <[hidden email]> >> Sent: Wednesday, April 25, 2007 3:16 AM >> Subject: Re: [ops-users] Authentication with Session-Variables? >> >> >> > Hi Marcus, >> > >> > You can store XML documents in the session with the Scope serializer, >> > and retrieve them with the Scope generator. See: >> > >> > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer >> > http://www.orbeon.com/ops/doc/processors-generators#scope-generator >> > >> > One downside of not using the container (Tomcat) authentication is >> > that you will need to add some code to each page. You can get around >> > this by adding this code automatically to all your page in the >> > epilogue. >> > >> > Alex >> > >> > On 4/24/07, Marcus <[hidden email]> wrote: >> >> >> >> >> >> Hi, >> >> >> >> i need Authentication with my webapp. My Problem is, that i don#t have >> >> access to the tomcat-files, so i need another way to do that! I >> >> thought >> >> perhaps i can deal with some session variables or something like that? >> >> eXist >> >> offers some kind of session-variables which i can set and request. Is >> >> there >> >> anything similar within OPS? Can't find an example or information on >> >> that - >> >> did i searched the wrong places? >> >> >> >> The workflow would be: >> >> 1. Login over a simple Login-Page with xforms? >> >> 2. Set Sessions Variables with username and password >> >> 3. while dealing with exist use that information within >> >> xxforms:username >> >> and >> >> xxforms:password >> >> 4. at the end logout and delete the session-variables >> >> >> >> Is that possible? Where can i find more information on that? >> >> >> >> Any help is very welcome, >> >> thanks, Marcus >> >> >> >> -- >> >> You receive this message as a subscriber of the >> >> [hidden email] >> >> mailing list. >> >> To unsubscribe: mailto:[hidden email] >> >> For general help: mailto:[hidden email]?subject=help >> >> ObjectWeb mailing lists service home page: >> >> http://www.objectweb.org/wws >> >> >> >> >> > >> > >> > -- >> > Orbeon Forms - Web 2.0 Forms for the Enterprise >> > http://www.orbeon.com/ >> > >> > >> >> >> -------------------------------------------------------------------------------- >> >> >> > >> > -- >> > You receive this message as a subscriber of the [hidden email] >> > mailing list. >> > To unsubscribe: mailto:[hidden email] >> > For general help: mailto:[hidden email]?subject=help >> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> > >> >> >> >> >> -- >> You receive this message as a subscriber of the [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> >> > > > -- > Orbeon Forms - Web 2.0 Forms for the Enterprise > http://www.orbeon.com/ > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
|
Hi Marcus,
For our project, we have successfully implemented a servlet filter that authenticates against an LDAP server. You will have to modify web.xml for your webapp to enable the filter. Right now we have it working well running the authentication filter before the Orbeon Forms filter. Hopefully you have access to web.xml. You shouldn't have to touch server.xml. <filter> <filter-name>erp-auth-filter</filter-name> <filter-class>net.intelenet.servlet.AuthFilter</filter-class> </filter> <filter> <filter-name>ops-main-filter</filter-name> <filter-class>org.orbeon.oxf.servlet.OPSServletFilter</filter-class> .... <filter-mapping> <filter-name>erp-auth-filter</filter-name> <url-pattern>*.xhtml</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ops-main-filter</filter-name> <url-pattern>*.xhtml</url-pattern> </filter-mapping> Googling servlet filters will retrieve plenty of info on Servlet Filters. Larry Marcus wrote: Hi , -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
In reply to this post by Marcus-2
Marcus,
A servlet filter is a piece of code that runs before or after the actual servlet. One use of filters is to do authentication, essentially doing what the container (Tomcat) would do in those cases where you don't want to use the facility provided by the container. Try to google "servlet authentication filter", and you will find a number of articles and examples about this. Alex On 4/25/07, Marcus <[hidden email]> wrote: > Hi , > ok, some background on my project. > I study Informatic and right now i have to do my last exam. For that i have > to programm a database-application for another project. The have to collect > some data for later presentation and searching on the web. So there should > be two seperate sections. One administration section, to enter, update or > delete data and than the normal user-section, where you can search for, > display and save the searched datafiles. > Therefor i used your government example for collecting the data within > different forms and now i have to make the administration section secure, so > i need a user login! > > The problem with the tomcat container is, that i have no access rights. The > only thing i can do is to deploy my application there. For every restart i > have to mail the webadmin and i asked him about the > tomcat-user-configuration and he said i shouldn't work with that. Now i > looking for another workaround. > > I'm very new in working with OPS and eXist and the whole XML-theme, but i'm > very interessted in it and perhaps my job after finished my study in 2-3 > months will also be building webapplications with XML. As you may have > noticed, I#m writting very often to the help-forum and thats why i havn't > got much time left. I also have to do my written work very urgent. :-(( In > the beginning i lost much time with trying every thing by myself - i love > learning by doing, but at the moment i need some help with the big themes > left. I hope in the future i'll be able to support the help-forum more while > developing webapps at my job and so give something back. You do a great > work... > > So, sorry for the little story - back to your question: > What is a Servlet-Filter and where can i find information on that? Perhaps i > can use that, but i don't know how :-( > > Marcus > > > ----- Original Message ----- > From: "Alessandro Vernet" <[hidden email]> > To: <[hidden email]> > Sent: Thursday, April 26, 2007 1:25 AM > Subject: Re: [ops-users] Authentication with Session-Variables? > > > > Hi Marcus, > > > > You can have multiple action handlers for xforms-ready in your XForms > > model. And you can find examples of XPL files in the examples, under > > that apps directory. But the more I think about this, the less I like > > it. Letting the container handle authentication works really well. Is > > there really no way you can do this at the container (e.g. Tomcat) > > level? > > > > If you can't modify any of the container files, maybe another option > > is to do the authentication with a servlet filter. Would this work > > better? > > > > Alex > > > > On 4/24/07, Marcus <[hidden email]> wrote: > >> Hi, > >> thanks for the fast answer. The Scope seems to be a good oportunity to > >> save > >> those data. > >> As a have not worked with pipelines and prozessors before, are there easy > >> examples where i can find some code fragments, showing me how to use > >> that? > >> Binding a testcase that requests the scope data and than shows the page > >> or > >> redirects to the login-page i think was the "workaround" you ment, didn't > >> you? Shouldn't something like that be tested within the > >> xforms-ready-aktion? > >> Does the epiloge provides that possibility or is it ok to have two > >> xforms-ready-actions in one document? > >> > >> Also i need the pipelines for automatic generating xquery statements for > >> requesting the exist db i think. I want to provide a search form and with > >> those data (search-phrase, tables to search in, filters, search-method, > >> ...) > >> stored in a simple instance i have to produce then an automatic generated > >> xquery statement and query the exist-db. I don't think that somethink > >> similar to that could be found in one of your examples? > >> > >> Thanks for your support! > >> Marcus > >> > >> ----- Original Message ----- > >> From: "Alessandro Vernet" <[hidden email]> > >> To: <[hidden email]> > >> Sent: Wednesday, April 25, 2007 3:16 AM > >> Subject: Re: [ops-users] Authentication with Session-Variables? > >> > >> > >> > Hi Marcus, > >> > > >> > You can store XML documents in the session with the Scope serializer, > >> > and retrieve them with the Scope generator. See: > >> > > >> > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer > >> > http://www.orbeon.com/ops/doc/processors-generators#scope-generator > >> > > >> > One downside of not using the container (Tomcat) authentication is > >> > that you will need to add some code to each page. You can get around > >> > this by adding this code automatically to all your page in the > >> > epilogue. > >> > > >> > Alex > >> > > >> > On 4/24/07, Marcus <[hidden email]> wrote: > >> >> > >> >> > >> >> Hi, > >> >> > >> >> i need Authentication with my webapp. My Problem is, that i don#t have > >> >> access to the tomcat-files, so i need another way to do that! I > >> >> thought > >> >> perhaps i can deal with some session variables or something like that? > >> >> eXist > >> >> offers some kind of session-variables which i can set and request. Is > >> >> there > >> >> anything similar within OPS? Can't find an example or information on > >> >> that - > >> >> did i searched the wrong places? > >> >> > >> >> The workflow would be: > >> >> 1. Login over a simple Login-Page with xforms? > >> >> 2. Set Sessions Variables with username and password > >> >> 3. while dealing with exist use that information within > >> >> xxforms:username > >> >> and > >> >> xxforms:password > >> >> 4. at the end logout and delete the session-variables > >> >> > >> >> Is that possible? Where can i find more information on that? > >> >> > >> >> Any help is very welcome, > >> >> thanks, Marcus > >> >> > >> >> -- > >> >> You receive this message as a subscriber of the > >> >> [hidden email] > >> >> mailing list. > >> >> To unsubscribe: mailto:[hidden email] > >> >> For general help: mailto:[hidden email]?subject=help > >> >> ObjectWeb mailing lists service home page: > >> >> http://www.objectweb.org/wws > >> >> > >> >> > >> > > >> > > >> > -- > >> > Orbeon Forms - Web 2.0 Forms for the Enterprise > >> > http://www.orbeon.com/ > >> > > >> > > >> > >> > >> -------------------------------------------------------------------------------- > >> > >> > >> > > >> > -- > >> > You receive this message as a subscriber of the [hidden email] > >> > mailing list. > >> > To unsubscribe: mailto:[hidden email] > >> > For general help: mailto:[hidden email]?subject=help > >> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > >> > > >> > >> > >> > >> > >> -- > >> You receive this message as a subscriber of the [hidden email] > >> mailing list. > >> To unsubscribe: mailto:[hidden email] > >> For general help: mailto:[hidden email]?subject=help > >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > >> > >> > > > > > > -- > > Orbeon Forms - Web 2.0 Forms for the Enterprise > > http://www.orbeon.com/ > > > > > > > -------------------------------------------------------------------------------- > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > > mailing list. > > To unsubscribe: mailto:[hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi Alex,
thanks a lot for that. Found the following page: http://securityfilter.sourceforge.net/ Any other SecurityFilters you worked with - this one seems to be a good example. I'll try it tomorrow and give you feedback on that if you want. If you have further hints, please let me know! Marcus ----- Original Message ----- From: "Alessandro Vernet" <[hidden email]> To: <[hidden email]> Sent: Thursday, April 26, 2007 2:30 AM Subject: Re: [ops-users] Authentication with Session-Variables? > Marcus, > > A servlet filter is a piece of code that runs before or after the > actual servlet. One use of filters is to do authentication, > essentially doing what the container (Tomcat) would do in those cases > where you don't want to use the facility provided by the container. > Try to google "servlet authentication filter", and you will find a > number of articles and examples about this. > > Alex > > On 4/25/07, Marcus <[hidden email]> wrote: >> Hi , >> ok, some background on my project. >> I study Informatic and right now i have to do my last exam. For that i >> have >> to programm a database-application for another project. The have to >> collect >> some data for later presentation and searching on the web. So there >> should >> be two seperate sections. One administration section, to enter, update or >> delete data and than the normal user-section, where you can search for, >> display and save the searched datafiles. >> Therefor i used your government example for collecting the data within >> different forms and now i have to make the administration section secure, >> so >> i need a user login! >> >> The problem with the tomcat container is, that i have no access rights. >> The >> only thing i can do is to deploy my application there. For every restart >> i >> have to mail the webadmin and i asked him about the >> tomcat-user-configuration and he said i shouldn't work with that. Now i >> looking for another workaround. >> >> I'm very new in working with OPS and eXist and the whole XML-theme, but >> i'm >> very interessted in it and perhaps my job after finished my study in 2-3 >> months will also be building webapplications with XML. As you may have >> noticed, I#m writting very often to the help-forum and thats why i havn't >> got much time left. I also have to do my written work very urgent. :-(( >> In >> the beginning i lost much time with trying every thing by myself - i love >> learning by doing, but at the moment i need some help with the big themes >> left. I hope in the future i'll be able to support the help-forum more >> while >> developing webapps at my job and so give something back. You do a great >> work... >> >> So, sorry for the little story - back to your question: >> What is a Servlet-Filter and where can i find information on that? >> Perhaps i >> can use that, but i don't know how :-( >> >> Marcus >> >> >> ----- Original Message ----- >> From: "Alessandro Vernet" <[hidden email]> >> To: <[hidden email]> >> Sent: Thursday, April 26, 2007 1:25 AM >> Subject: Re: [ops-users] Authentication with Session-Variables? >> >> >> > Hi Marcus, >> > >> > You can have multiple action handlers for xforms-ready in your XForms >> > model. And you can find examples of XPL files in the examples, under >> > that apps directory. But the more I think about this, the less I like >> > it. Letting the container handle authentication works really well. Is >> > there really no way you can do this at the container (e.g. Tomcat) >> > level? >> > >> > If you can't modify any of the container files, maybe another option >> > is to do the authentication with a servlet filter. Would this work >> > better? >> > >> > Alex >> > >> > On 4/24/07, Marcus <[hidden email]> wrote: >> >> Hi, >> >> thanks for the fast answer. The Scope seems to be a good oportunity to >> >> save >> >> those data. >> >> As a have not worked with pipelines and prozessors before, are there >> >> easy >> >> examples where i can find some code fragments, showing me how to use >> >> that? >> >> Binding a testcase that requests the scope data and than shows the >> >> page >> >> or >> >> redirects to the login-page i think was the "workaround" you ment, >> >> didn't >> >> you? Shouldn't something like that be tested within the >> >> xforms-ready-aktion? >> >> Does the epiloge provides that possibility or is it ok to have two >> >> xforms-ready-actions in one document? >> >> >> >> Also i need the pipelines for automatic generating xquery statements >> >> for >> >> requesting the exist db i think. I want to provide a search form and >> >> with >> >> those data (search-phrase, tables to search in, filters, >> >> search-method, >> >> ...) >> >> stored in a simple instance i have to produce then an automatic >> >> generated >> >> xquery statement and query the exist-db. I don't think that somethink >> >> similar to that could be found in one of your examples? >> >> >> >> Thanks for your support! >> >> Marcus >> >> >> >> ----- Original Message ----- >> >> From: "Alessandro Vernet" <[hidden email]> >> >> To: <[hidden email]> >> >> Sent: Wednesday, April 25, 2007 3:16 AM >> >> Subject: Re: [ops-users] Authentication with Session-Variables? >> >> >> >> >> >> > Hi Marcus, >> >> > >> >> > You can store XML documents in the session with the Scope >> >> > serializer, >> >> > and retrieve them with the Scope generator. See: >> >> > >> >> > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer >> >> > http://www.orbeon.com/ops/doc/processors-generators#scope-generator >> >> > >> >> > One downside of not using the container (Tomcat) authentication is >> >> > that you will need to add some code to each page. You can get around >> >> > this by adding this code automatically to all your page in the >> >> > epilogue. >> >> > >> >> > Alex >> >> > >> >> > On 4/24/07, Marcus <[hidden email]> wrote: >> >> >> >> >> >> >> >> >> Hi, >> >> >> >> >> >> i need Authentication with my webapp. My Problem is, that i don#t >> >> >> have >> >> >> access to the tomcat-files, so i need another way to do that! I >> >> >> thought >> >> >> perhaps i can deal with some session variables or something like >> >> >> that? >> >> >> eXist >> >> >> offers some kind of session-variables which i can set and request. >> >> >> Is >> >> >> there >> >> >> anything similar within OPS? Can't find an example or information >> >> >> on >> >> >> that - >> >> >> did i searched the wrong places? >> >> >> >> >> >> The workflow would be: >> >> >> 1. Login over a simple Login-Page with xforms? >> >> >> 2. Set Sessions Variables with username and password >> >> >> 3. while dealing with exist use that information within >> >> >> xxforms:username >> >> >> and >> >> >> xxforms:password >> >> >> 4. at the end logout and delete the session-variables >> >> >> >> >> >> Is that possible? Where can i find more information on that? >> >> >> >> >> >> Any help is very welcome, >> >> >> thanks, Marcus >> >> >> >> >> >> -- >> >> >> You receive this message as a subscriber of the >> >> >> [hidden email] >> >> >> mailing list. >> >> >> To unsubscribe: mailto:[hidden email] >> >> >> For general help: mailto:[hidden email]?subject=help >> >> >> ObjectWeb mailing lists service home page: >> >> >> http://www.objectweb.org/wws >> >> >> >> >> >> >> >> > >> >> > >> >> > -- >> >> > Orbeon Forms - Web 2.0 Forms for the Enterprise >> >> > http://www.orbeon.com/ >> >> > >> >> > >> >> >> >> >> >> -------------------------------------------------------------------------------- >> >> >> >> >> >> > >> >> > -- >> >> > You receive this message as a subscriber of the >> >> > [hidden email] >> >> > mailing list. >> >> > To unsubscribe: mailto:[hidden email] >> >> > For general help: mailto:[hidden email]?subject=help >> >> > ObjectWeb mailing lists service home page: >> >> > http://www.objectweb.org/wws >> >> > >> >> >> >> >> >> >> >> >> >> -- >> >> You receive this message as a subscriber of the >> >> [hidden email] >> >> mailing list. >> >> To unsubscribe: mailto:[hidden email] >> >> For general help: mailto:[hidden email]?subject=help >> >> ObjectWeb mailing lists service home page: >> >> http://www.objectweb.org/wws >> >> >> >> >> > >> > >> > -- >> > Orbeon Forms - Web 2.0 Forms for the Enterprise >> > http://www.orbeon.com/ >> > >> > >> >> >> -------------------------------------------------------------------------------- >> >> >> > >> > -- >> > You receive this message as a subscriber of the [hidden email] >> > mailing list. >> > To unsubscribe: mailto:[hidden email] >> > For general help: mailto:[hidden email]?subject=help >> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> > >> >> >> >> >> -- >> You receive this message as a subscriber of the [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> >> > > > -- > Orbeon Forms - Web 2.0 Forms for the Enterprise > http://www.orbeon.com/ > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
Hi Marcus,
I don't have any particular recommendation for authentication filters. You'll let us know how this one is working for you. Alex On 4/25/07, Marcus <[hidden email]> wrote: > Hi Alex, > thanks a lot for that. > Found the following page: http://securityfilter.sourceforge.net/ > Any other SecurityFilters you worked with - this one seems to be a good > example. I'll try it tomorrow and give you feedback on that if you want. > If you have further hints, please let me know! > > Marcus > > > ----- Original Message ----- > From: "Alessandro Vernet" <[hidden email]> > To: <[hidden email]> > Sent: Thursday, April 26, 2007 2:30 AM > Subject: Re: [ops-users] Authentication with Session-Variables? > > > > Marcus, > > > > A servlet filter is a piece of code that runs before or after the > > actual servlet. One use of filters is to do authentication, > > essentially doing what the container (Tomcat) would do in those cases > > where you don't want to use the facility provided by the container. > > Try to google "servlet authentication filter", and you will find a > > number of articles and examples about this. > > > > Alex > > > > On 4/25/07, Marcus <[hidden email]> wrote: > >> Hi , > >> ok, some background on my project. > >> I study Informatic and right now i have to do my last exam. For that i > >> have > >> to programm a database-application for another project. The have to > >> collect > >> some data for later presentation and searching on the web. So there > >> should > >> be two seperate sections. One administration section, to enter, update or > >> delete data and than the normal user-section, where you can search for, > >> display and save the searched datafiles. > >> Therefor i used your government example for collecting the data within > >> different forms and now i have to make the administration section secure, > >> so > >> i need a user login! > >> > >> The problem with the tomcat container is, that i have no access rights. > >> The > >> only thing i can do is to deploy my application there. For every restart > >> i > >> have to mail the webadmin and i asked him about the > >> tomcat-user-configuration and he said i shouldn't work with that. Now i > >> looking for another workaround. > >> > >> I'm very new in working with OPS and eXist and the whole XML-theme, but > >> i'm > >> very interessted in it and perhaps my job after finished my study in 2-3 > >> months will also be building webapplications with XML. As you may have > >> noticed, I#m writting very often to the help-forum and thats why i havn't > >> got much time left. I also have to do my written work very urgent. :-(( > >> In > >> the beginning i lost much time with trying every thing by myself - i love > >> learning by doing, but at the moment i need some help with the big themes > >> left. I hope in the future i'll be able to support the help-forum more > >> while > >> developing webapps at my job and so give something back. You do a great > >> work... > >> > >> So, sorry for the little story - back to your question: > >> What is a Servlet-Filter and where can i find information on that? > >> Perhaps i > >> can use that, but i don't know how :-( > >> > >> Marcus > >> > >> > >> ----- Original Message ----- > >> From: "Alessandro Vernet" <[hidden email]> > >> To: <[hidden email]> > >> Sent: Thursday, April 26, 2007 1:25 AM > >> Subject: Re: [ops-users] Authentication with Session-Variables? > >> > >> > >> > Hi Marcus, > >> > > >> > You can have multiple action handlers for xforms-ready in your XForms > >> > model. And you can find examples of XPL files in the examples, under > >> > that apps directory. But the more I think about this, the less I like > >> > it. Letting the container handle authentication works really well. Is > >> > there really no way you can do this at the container (e.g. Tomcat) > >> > level? > >> > > >> > If you can't modify any of the container files, maybe another option > >> > is to do the authentication with a servlet filter. Would this work > >> > better? > >> > > >> > Alex > >> > > >> > On 4/24/07, Marcus <[hidden email]> wrote: > >> >> Hi, > >> >> thanks for the fast answer. The Scope seems to be a good oportunity to > >> >> save > >> >> those data. > >> >> As a have not worked with pipelines and prozessors before, are there > >> >> easy > >> >> examples where i can find some code fragments, showing me how to use > >> >> that? > >> >> Binding a testcase that requests the scope data and than shows the > >> >> page > >> >> or > >> >> redirects to the login-page i think was the "workaround" you ment, > >> >> didn't > >> >> you? Shouldn't something like that be tested within the > >> >> xforms-ready-aktion? > >> >> Does the epiloge provides that possibility or is it ok to have two > >> >> xforms-ready-actions in one document? > >> >> > >> >> Also i need the pipelines for automatic generating xquery statements > >> >> for > >> >> requesting the exist db i think. I want to provide a search form and > >> >> with > >> >> those data (search-phrase, tables to search in, filters, > >> >> search-method, > >> >> ...) > >> >> stored in a simple instance i have to produce then an automatic > >> >> generated > >> >> xquery statement and query the exist-db. I don't think that somethink > >> >> similar to that could be found in one of your examples? > >> >> > >> >> Thanks for your support! > >> >> Marcus > >> >> > >> >> ----- Original Message ----- > >> >> From: "Alessandro Vernet" <[hidden email]> > >> >> To: <[hidden email]> > >> >> Sent: Wednesday, April 25, 2007 3:16 AM > >> >> Subject: Re: [ops-users] Authentication with Session-Variables? > >> >> > >> >> > >> >> > Hi Marcus, > >> >> > > >> >> > You can store XML documents in the session with the Scope > >> >> > serializer, > >> >> > and retrieve them with the Scope generator. See: > >> >> > > >> >> > http://www.orbeon.com/ops/doc/processors-serializers#scope-serializer > >> >> > http://www.orbeon.com/ops/doc/processors-generators#scope-generator > >> >> > > >> >> > One downside of not using the container (Tomcat) authentication is > >> >> > that you will need to add some code to each page. You can get around > >> >> > this by adding this code automatically to all your page in the > >> >> > epilogue. > >> >> > > >> >> > Alex > >> >> > > >> >> > On 4/24/07, Marcus <[hidden email]> wrote: > >> >> >> > >> >> >> > >> >> >> Hi, > >> >> >> > >> >> >> i need Authentication with my webapp. My Problem is, that i don#t > >> >> >> have > >> >> >> access to the tomcat-files, so i need another way to do that! I > >> >> >> thought > >> >> >> perhaps i can deal with some session variables or something like > >> >> >> that? > >> >> >> eXist > >> >> >> offers some kind of session-variables which i can set and request. > >> >> >> Is > >> >> >> there > >> >> >> anything similar within OPS? Can't find an example or information > >> >> >> on > >> >> >> that - > >> >> >> did i searched the wrong places? > >> >> >> > >> >> >> The workflow would be: > >> >> >> 1. Login over a simple Login-Page with xforms? > >> >> >> 2. Set Sessions Variables with username and password > >> >> >> 3. while dealing with exist use that information within > >> >> >> xxforms:username > >> >> >> and > >> >> >> xxforms:password > >> >> >> 4. at the end logout and delete the session-variables > >> >> >> > >> >> >> Is that possible? Where can i find more information on that? > >> >> >> > >> >> >> Any help is very welcome, > >> >> >> thanks, Marcus > >> >> >> > >> >> >> -- > >> >> >> You receive this message as a subscriber of the > >> >> >> [hidden email] > >> >> >> mailing list. > >> >> >> To unsubscribe: mailto:[hidden email] > >> >> >> For general help: mailto:[hidden email]?subject=help > >> >> >> ObjectWeb mailing lists service home page: > >> >> >> http://www.objectweb.org/wws > >> >> >> > >> >> >> > >> >> > > >> >> > > >> >> > -- > >> >> > Orbeon Forms - Web 2.0 Forms for the Enterprise > >> >> > http://www.orbeon.com/ > >> >> > > >> >> > > >> >> > >> >> > >> >> -------------------------------------------------------------------------------- > >> >> > >> >> > >> >> > > >> >> > -- > >> >> > You receive this message as a subscriber of the > >> >> > [hidden email] > >> >> > mailing list. > >> >> > To unsubscribe: mailto:[hidden email] > >> >> > For general help: mailto:[hidden email]?subject=help > >> >> > ObjectWeb mailing lists service home page: > >> >> > http://www.objectweb.org/wws > >> >> > > >> >> > >> >> > >> >> > >> >> > >> >> -- > >> >> You receive this message as a subscriber of the > >> >> [hidden email] > >> >> mailing list. > >> >> To unsubscribe: mailto:[hidden email] > >> >> For general help: mailto:[hidden email]?subject=help > >> >> ObjectWeb mailing lists service home page: > >> >> http://www.objectweb.org/wws > >> >> > >> >> > >> > > >> > > >> > -- > >> > Orbeon Forms - Web 2.0 Forms for the Enterprise > >> > http://www.orbeon.com/ > >> > > >> > > >> > >> > >> -------------------------------------------------------------------------------- > >> > >> > >> > > >> > -- > >> > You receive this message as a subscriber of the [hidden email] > >> > mailing list. > >> > To unsubscribe: mailto:[hidden email] > >> > For general help: mailto:[hidden email]?subject=help > >> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > >> > > >> > >> > >> > >> > >> -- > >> You receive this message as a subscriber of the [hidden email] > >> mailing list. > >> To unsubscribe: mailto:[hidden email] > >> For general help: mailto:[hidden email]?subject=help > >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > >> > >> > > > > > > -- > > Orbeon Forms - Web 2.0 Forms for the Enterprise > > http://www.orbeon.com/ > > > > > > > -------------------------------------------------------------------------------- > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > > mailing list. > > To unsubscribe: mailto:[hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
In reply to this post by Larry T. Chen
Hi Larry, hi Alex,
i read some information on that theme and just have
some problems with it.
It seems to be a good and easy way to implement an
authentication without using the container, but in all examples I can't find any
good documentation! :-((
1. Problem: Most of that examples deal with
JSP-sides - i do not know i I can use that Filters with my xhtml-sides within
OPS?
2. I can't find any information where to store the
user-data (names and passwords). Can't find a configuration file or something
like that where I can just add new Users :-((
I have access to my web.xml, cause i have to build
my app as an deployable war-file at the end. So it would be no problem to
register the filters and do the mapping, but i think i need the jar-files, don't
i?
Marcus
-- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
|
I'm dealing with authentication issues myself. Currently, I'm doing
similar to what has been mentioned before. I have pipelines that, given an instance of a user xml document, will store and remove that document from the session scope. The container's built-in authentication features aren't really appropriate for me because I don't use Username/Passwords to auth my users, but instead use OpenID. Using a servlet filter looks like an interesting way to do things, but it seems like they're more appropriate for doing things like restricting access to certain directories (or other patterns) not enabling additional privileges on an otherwise public page. Am I right about this? Does anyone else out there use a servlet filter for populating the session to be later retrieved from within a pipeline? Also, wouldn't it make more sense to retrieve the session information at the beginning of the flow and pass that down than to check it in the epilogue? -- Daniel E. Renfer http://kronkltd.net/ On 4/26/07, Marcus <[hidden email]> wrote: > > > Hi Larry, hi Alex, > > i read some information on that theme and just have some problems with it. > It seems to be a good and easy way to implement an authentication without > using the container, but in all examples I can't find any good > documentation! :-(( > > 1. Problem: Most of that examples deal with JSP-sides - i do not know i I > can use that Filters with my xhtml-sides within OPS? > 2. I can't find any information where to store the user-data (names and > passwords). Can't find a configuration file or something like that where I > can just add new Users :-(( > > I have access to my web.xml, cause i have to build my app as an deployable > war-file at the end. So it would be no problem to register the filters and > do the mapping, but i think i need the jar-files, don't i? > > Marcus > > > > ----- Original Message ----- > From: Larry T. Chen > To: [hidden email] > Sent: Thursday, April 26, 2007 2:24 AM > Subject: Re: [ops-users] Authentication with Session-Variables? > > Hi Marcus, > > For our project, we have successfully implemented a servlet filter that > authenticates against an LDAP server. You will have to modify web.xml for > your webapp to enable the filter. Right now we have it working well running > the authentication filter before the Orbeon Forms filter. Hopefully you > have access to web.xml. You shouldn't have to touch server.xml. > > <filter> > <filter-name>erp-auth-filter</filter-name> > > <filter-class>net.intelenet.servlet.AuthFilter</filter-class> > </filter> > > <filter> > <filter-name>ops-main-filter</filter-name> > > <filter-class>org.orbeon.oxf.servlet.OPSServletFilter</filter-class> > > .... > > <filter-mapping> > <filter-name>erp-auth-filter</filter-name> > <url-pattern>*.xhtml</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>ops-main-filter</filter-name> > <url-pattern>*.xhtml</url-pattern> > </filter-mapping> > > > Googling servlet filters will retrieve plenty of info on Servlet Filters. > > Larry > > > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
Daniel,
Have you searched out there for a Java OpenID library? Maybe you don't need to reinvent the wheel. Ideally, OpenID would be handled by the servlet container as well... -Erik Daniel E. Renfer wrote: > I'm dealing with authentication issues myself. Currently, I'm doing > similar to what has been mentioned before. I have pipelines that, > given an instance of a user xml document, will store and remove that > document from the session scope. The container's built-in > authentication features aren't really appropriate for me because I > don't use Username/Passwords to auth my users, but instead use OpenID. > > Using a servlet filter looks like an interesting way to do things, but > it seems like they're more appropriate for doing things like > restricting access to certain directories (or other patterns) not > enabling additional privileges on an otherwise public page. > > Am I right about this? Does anyone else out there use a servlet filter > for populating the session to be later retrieved from within a > pipeline? > > Also, wouldn't it make more sense to retrieve the session information > at the beginning of the flow and pass that down than to check it in > the epilogue? > -- Orbeon Forms - Web Forms for the Enterprise Done the Right Way http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
|
I am using OpenID4Java[1]. I created a custom processor to do the
authentication. (I plan on sharing the code once it's a tad more stable) My question was more about dealing with authentication in Orbeon Forms in general, than my particular setup. If you think I would be better off doing a separate filter than integrated into Forms, then I'll look into that, but seeing as I've already gotten it working, I'd rather not change. [1]: http://code.google.com/p/openid4java/ -- Daniel E. Renfer http://kronkltd.net/ On 4/27/07, Erik Bruchez <[hidden email]> wrote: > Daniel, > > Have you searched out there for a Java OpenID library? Maybe you don't > need to reinvent the wheel. Ideally, OpenID would be handled by the > servlet container as well... > > -Erik > > Daniel E. Renfer wrote: > > I'm dealing with authentication issues myself. Currently, I'm doing > > similar to what has been mentioned before. I have pipelines that, > > given an instance of a user xml document, will store and remove that > > document from the session scope. The container's built-in > > authentication features aren't really appropriate for me because I > > don't use Username/Passwords to auth my users, but instead use OpenID. > > > > Using a servlet filter looks like an interesting way to do things, but > > it seems like they're more appropriate for doing things like > > restricting access to certain directories (or other patterns) not > > enabling additional privileges on an otherwise public page. > > > > Am I right about this? Does anyone else out there use a servlet filter > > for populating the session to be later retrieved from within a > > pipeline? > > > > Also, wouldn't it make more sense to retrieve the session information > > at the beginning of the flow and pass that down than to check it in > > the epilogue? > > > > > -- > Orbeon Forms - Web Forms for the Enterprise Done the Right Way > http://www.orbeon.com/ > > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi at all,
that seems a nice diskussion, but if you don't mind, i need help with the "servlet authentication filter" problem and not even more other options with things a can't deal with at the moment :-( Of course this thread is open to all other too, but answering my questions with leaving even more other questions open doesn't help me very much at the moment! Because i need authentication through name/pass, i need restricted acces to the whole admin section, and ok, just when a registert user is logged on, i also need the session information so i can free some additional functions like saving search information and results for the user. The lag of not been able to use the containers athentication issue leeds me to the point, that the best thing would be to use that kind von servlet filter - but i have problems to understand how to configurate them and to deal with them, because all examples i could find work with jsp-files and not xhtml :-( So is there anybody who could help me more with the servlet-filter issue? i would be very pleased! Thanks a lot, Marcus ----- Original Message ----- From: "Daniel E. Renfer" <[hidden email]> To: <[hidden email]> Sent: Friday, April 27, 2007 10:25 AM Subject: Re: [ops-users] Authentication with Session-Variables? >I am using OpenID4Java[1]. I created a custom processor to do the > authentication. (I plan on sharing the code once it's a tad more > stable) > > My question was more about dealing with authentication in Orbeon Forms > in general, than my particular setup. > > If you think I would be better off doing a separate filter than > integrated into Forms, then I'll look into that, but seeing as I've > already gotten it working, I'd rather not change. > > [1]: http://code.google.com/p/openid4java/ > > -- > Daniel E. Renfer > http://kronkltd.net/ > > > On 4/27/07, Erik Bruchez <[hidden email]> wrote: >> Daniel, >> >> Have you searched out there for a Java OpenID library? Maybe you don't >> need to reinvent the wheel. Ideally, OpenID would be handled by the >> servlet container as well... >> >> -Erik >> >> Daniel E. Renfer wrote: >> > I'm dealing with authentication issues myself. Currently, I'm doing >> > similar to what has been mentioned before. I have pipelines that, >> > given an instance of a user xml document, will store and remove that >> > document from the session scope. The container's built-in >> > authentication features aren't really appropriate for me because I >> > don't use Username/Passwords to auth my users, but instead use OpenID. >> > >> > Using a servlet filter looks like an interesting way to do things, but >> > it seems like they're more appropriate for doing things like >> > restricting access to certain directories (or other patterns) not >> > enabling additional privileges on an otherwise public page. >> > >> > Am I right about this? Does anyone else out there use a servlet filter >> > for populating the session to be later retrieved from within a >> > pipeline? >> > >> > Also, wouldn't it make more sense to retrieve the session information >> > at the beginning of the flow and pass that down than to check it in >> > the epilogue? >> > >> >> >> -- >> Orbeon Forms - Web Forms for the Enterprise Done the Right Way >> http://www.orbeon.com/ >> >> >> >> -- >> You receive this message as a subscriber of the [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> >> > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
On 4/27/07, Marcus <[hidden email]> wrote:
> The lag of not been able to use the containers athentication issue leeds me > to the point, that the best thing would be to use that kind von servlet > filter - but i have problems to understand how to configurate them and to > deal with them, because all examples i could find work with jsp-files and > not xhtml :-( Marcus, Using JSPs or the Orbeon Forms servlet should not make a difference as far as the filter is concerned. The filter runs before the JSP or the Orbeon Forms servlet. You may want to try your filter first with a JSP, just to start simple. Alex -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Hi Alex,
the example works pretty well, but they load some Constants out of the class files. My most problem is, where to set up the user-data. Cause there is no explicit documantation its difficult to understand how it exactly works and to config all possibilities... Marcus ----- Original Message ----- From: "Alessandro Vernet" <[hidden email]> To: <[hidden email]> Sent: Saturday, April 28, 2007 12:15 AM Subject: Re: [ops-users] Authentication with Session-Variables? > On 4/27/07, Marcus <[hidden email]> wrote: >> The lag of not been able to use the containers athentication issue leeds >> me >> to the point, that the best thing would be to use that kind von servlet >> filter - but i have problems to understand how to configurate them and to >> deal with them, because all examples i could find work with jsp-files and >> not xhtml :-( > > Marcus, > > Using JSPs or the Orbeon Forms servlet should not make a difference as > far as the filter is concerned. The filter runs before the JSP or the > Orbeon Forms servlet. You may want to try your filter first with a > JSP, just to start simple. > > Alex > -- > Orbeon Forms - Web 2.0 Forms for the Enterprise > http://www.orbeon.com/ > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
Marcus,
What user data are you talking about? Alex On 4/27/07, Marcus <[hidden email]> wrote: > Hi Alex, > the example works pretty well, but they load some Constants out of the class > files. > My most problem is, where to set up the user-data. Cause there is no > explicit documantation its difficult to understand how it exactly works and > to config all possibilities... > > Marcus > > ----- Original Message ----- > From: "Alessandro Vernet" <[hidden email]> > To: <[hidden email]> > Sent: Saturday, April 28, 2007 12:15 AM > Subject: Re: [ops-users] Authentication with Session-Variables? > > > > On 4/27/07, Marcus <[hidden email]> wrote: > >> The lag of not been able to use the containers athentication issue leeds > >> me > >> to the point, that the best thing would be to use that kind von servlet > >> filter - but i have problems to understand how to configurate them and to > >> deal with them, because all examples i could find work with jsp-files and > >> not xhtml :-( > > > > Marcus, > > > > Using JSPs or the Orbeon Forms servlet should not make a difference as > > far as the filter is concerned. The filter runs before the JSP or the > > Orbeon Forms servlet. You may want to try your filter first with a > > JSP, just to start simple. > > > > Alex > > -- > > Orbeon Forms - Web 2.0 Forms for the Enterprise > > http://www.orbeon.com/ > > > > > > > -------------------------------------------------------------------------------- > > > > > > -- > > You receive this message as a subscriber of the [hidden email] > > mailing list. > > To unsubscribe: mailto:[hidden email] > > For general help: mailto:[hidden email]?subject=help > > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > > > > > > -- > You receive this message as a subscriber of the [hidden email] mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > > -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
Damn, it worked for a litle while and now, he did not find the jsp-files :-(
Don't know what i did wrong :-( The user-data i'm talking about is a file i suppose, where all the users will be defined, together with their passwords and roles i think. There must be a place were those data are stored and the SecurityFilters validates the Login-information. But i don't know where i could store those information :-( Marcus ----- Original Message ----- From: "Alessandro Vernet" <[hidden email]> To: <[hidden email]> Sent: Saturday, April 28, 2007 4:04 AM Subject: Re: [ops-users] Authentication with Session-Variables? > Marcus, > > What user data are you talking about? > > Alex > > On 4/27/07, Marcus <[hidden email]> wrote: >> Hi Alex, >> the example works pretty well, but they load some Constants out of the >> class >> files. >> My most problem is, where to set up the user-data. Cause there is no >> explicit documantation its difficult to understand how it exactly works >> and >> to config all possibilities... >> >> Marcus >> >> ----- Original Message ----- >> From: "Alessandro Vernet" <[hidden email]> >> To: <[hidden email]> >> Sent: Saturday, April 28, 2007 12:15 AM >> Subject: Re: [ops-users] Authentication with Session-Variables? >> >> >> > On 4/27/07, Marcus <[hidden email]> wrote: >> >> The lag of not been able to use the containers athentication issue >> >> leeds >> >> me >> >> to the point, that the best thing would be to use that kind von >> >> servlet >> >> filter - but i have problems to understand how to configurate them and >> >> to >> >> deal with them, because all examples i could find work with jsp-files >> >> and >> >> not xhtml :-( >> > >> > Marcus, >> > >> > Using JSPs or the Orbeon Forms servlet should not make a difference as >> > far as the filter is concerned. The filter runs before the JSP or the >> > Orbeon Forms servlet. You may want to try your filter first with a >> > JSP, just to start simple. >> > >> > Alex >> > -- >> > Orbeon Forms - Web 2.0 Forms for the Enterprise >> > http://www.orbeon.com/ >> > >> > >> >> >> -------------------------------------------------------------------------------- >> >> >> > >> > -- >> > You receive this message as a subscriber of the [hidden email] >> > mailing list. >> > To unsubscribe: mailto:[hidden email] >> > For general help: mailto:[hidden email]?subject=help >> > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> > >> >> >> >> >> -- >> You receive this message as a subscriber of the [hidden email] >> mailing list. >> To unsubscribe: mailto:[hidden email] >> For general help: mailto:[hidden email]?subject=help >> ObjectWeb mailing lists service home page: http://www.objectweb.org/wws >> >> > > > -- > Orbeon Forms - Web 2.0 Forms for the Enterprise > http://www.orbeon.com/ > > -------------------------------------------------------------------------------- > > -- > You receive this message as a subscriber of the [hidden email] > mailing list. > To unsubscribe: mailto:[hidden email] > For general help: mailto:[hidden email]?subject=help > ObjectWeb mailing lists service home page: http://www.objectweb.org/wws > -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
|
|
In reply to this post by Alessandro Vernet
Hi Alex,
something new on the user-data-file, or wherever those details are stored? But at the moment i've got a new urgent question. How can i redirect to the OF apps. Let me try to explain the problem more detailt. The Security-Authentication-Filter works by itself. But there all the files are stored inside the standard root-directory. And there all worls fine. Then i tried to store some kind of "secret-page" into a subdirectory inside the WEB-INF, just like in OF the examples are stored into WEB-INF/resources/apps/myapp/secure.jsp. Note that this testversion doesn't work! Neither on it's own, nor together with OF :-( As a standalone it noticed that i tried to access a subdirectory and directed me to the login-page, but after succesful login, it shows me: HTTP Status 404 - /test/test.jsp type Status report message /resources/apps/myapp/test.jsp description The requested resource (/resources/apps/myapp/test.jsp) is not available. Apache Tomcat/5.5.20 I searched for more information and found, the files under the WEB-INF cannot be accessd directly, so what can i do? Together with OF i placed the testpages to the root, and there it worked fine. Than i tried to add a security constraint for the subdirectory, where my admin-pages are, but it doesn't recognize the access and for that just opens the admin-section without any login-form :-( Can someone help me with that? For more details I'll post my changes to the config files: web.xml: ---------- ... <filter> <filter-name>Security Filter</filter-name> <filter-class>org.securityfilter.filter.SecurityFilter</filter-class> <init-param> <param-name>config</param-name> <param-value>/WEB-INF/securityfilter-config.xml</param-value> <description>Configuration file location (this is the default value)</description> </init-param> <init-param> <param-name>validate</param-name> <param-value>false</param-value> <description>Validate config file if set to true</description> </init-param> </filter> <!-- All JSP files under /xforms-jsp go through the OPS filter --> <filter> <filter-name>ops-main-filter</filter-name> <filter-class>org.orbeon.oxf.servlet.OPSServletFilter</filter-class> <init-param> <param-name>oxf.main-processor.name</param-name> <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value> </init-param> <init-param> <param-name>oxf.main-processor.input.config</param-name> <param-value>oxf:/config/filter.xpl</param-value> </init-param> <init-param> <param-name>oxf.error-processor.name</param-name> <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value> </init-param> <init-param> <param-name>oxf.error-processor.input.config</param-name> <param-value>oxf:/config/error.xpl</param-value> </init-param> </filter> <!-- map all requests to the SecurityFilter, control what it does with configuration settings --> <filter-mapping> <filter-name>Security Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>ops-main-filter</filter-name> <url-pattern>/xforms-jsp/*</url-pattern> </filter-mapping> ... (so i posted the filter-information right in front of the ops filter - was that right?) securityfilter-config.xml ---------- <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE securityfilter-config PUBLIC "-//SecurityFilter.org//DTD Security Filter Configuration 2.0//EN" "http://www.securityfilter.org/dtd/securityfilter-config_2_0.dtd"> <securityfilter-config> <security-constraint> <web-resource-collection> <web-resource-name>Secure Page</web-resource-name> <url-pattern>/WEB-INF/resources/apps/forms/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>inthisrole</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Secure Page</web-resource-name> <url-pattern>/securePage.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>inthisrole</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>Secure page that the example user is not authorized to view</web-resource-name> <url-pattern>/forbiddenPage.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>notinthisrole</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/loginForm.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> <form-default-page>/index.jsp</form-default-page> <!-- logout page definition is important for persistent logins --> <form-logout-page>/logout.jsp</form-logout-page> <!-- remember-me config --> <remember-me className="org.securityfilter.authenticator.persistent.DefaultPersistentLoginManager"> <!-- optional settings for default persistent login manager --> <remember-me-param name="cookieLife" value="15"/> <remember-me-param name="protection" value="all"/> <remember-me-param name="useIP" value="true"/> <remember-me-param name="encryptionAlgorithm" value="DES"/> <remember-me-param name="encryptionMode" value="ECB"/> <remember-me-param name="encryptionPadding" value="PKCS5Padding"/> <!-- encryption keys; customize for each application --> </remember-me> </form-login-config> </login-config> <realm className="org.securityfilter.example.realm.TrivialSecurityRealm"> <realm-param name="exampleProperty" value="it works!" /> </realm> </securityfilter-config> Beside of that i didn't made any changes! As i said, the Authentication by itself in the root directory works well, but it does not recognize my access to the forms-application :-( Thanks, Marcus -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
Re: Authentication with Session-Variables?
|
Administrator
|
On 4/30/07, Marcus <[hidden email]> wrote:
> The Security-Authentication-Filter works by itself. But there all the files > are stored inside the standard root-directory. And there all worls fine. > Then i tried to store some kind of "secret-page" into a subdirectory inside > the WEB-INF, just like in OF the examples are stored into > WEB-INF/resources/apps/myapp/secure.jsp. Note that this testversion doesn't > work! Neither on it's own, nor together with OF :-( Hi Marcus, My recommendation is to first try to get the Security-Authentication-Filter working by itself, with some simple JSP file which does not generate XForms, and does not go through Orbeon Forms. I you have questions regarding this step, I recommend you ask them on the mailing list or forum setup for that filter. You will be more likely to find people there who are familiar with that piece of software and who will be able to help you. Alex -- Orbeon Forms - Web 2.0 Forms for the Enterprise http://www.orbeon.com/ -- You receive this message as a subscriber of the [hidden email] mailing list. To unsubscribe: mailto:[hidden email] For general help: mailto:[hidden email]?subject=help ObjectWeb mailing lists service home page: http://www.objectweb.org/wws |
«
Return to Orbeon Forms community mailing list
|
1 view|%1 views
| Free forum by Nabble | Edit this page |