apache > cocoon

Authentication Framework: Application Management

The application management is a very useful feature for building and maintaining web applications. A developer uses it to configure different applications and to manage the user data for these applications.

Configuring an Application

A "authentication" application is related to one authentication handler, so an application is part of the authentication handler configuration:

        <handler name="unique">
             ....redirect-to/authentication configuration
             <applications> <!-- the applications for this handler -->
                 <application name="unique">
                     <load uri="loadapp"/> <!-- optional -->
                     <save uri="saveapp"/> <!-- optional -->

A configuration for an application consists of a unique name (only alphabetical characters and digits are allowed for the application name) and optional load and save resources. The application configuration can contain application specific configuration values for the various parts of the application, e.g. information for a portal.

On a successful authentication, the framework invokes the load resource (if present) for each application of the handler. The content or result of the load resource is stored in the session context.

The user does not always visit all sites or all applications at once, so it is not necessary to load all applications in advance. Each application can specify whether the data is loaded upon successful authentication or the first time it is needed:

....<application name="unique" loadondemand="true"/>...

The load resource gets several parameters: all the values of the subnodes of the "authentication" node from the authentication context (e.g. ID, role etc.) and the parameter "application" containing the unique name of the application. This unique name must not contain one of the characters '_', ':' or '/'.

In addition, the load and save resource get all of the parameters specified inside the load / save tag of the handler configuration.

Configuring the resources

For managing the application the framework needs to know to which application a resource belongs. So in addition to the handler parameter the auth-protect action gets the application name as a second parameter:

<map:match pattern="protectedresource">
  <map:action type="auth-protect">
    <map:parameter name="handler" value="unique handler name"/>
    <map:parameter name="application" value="unique application name"/>
    <map:generate src="source/resource.xml"/>

With this mechanism each application resource can easily access its (and only its own) information. If a resource has no "application" parameter it can not access information of any application.

Getting, setting and saving application information

A resource accesses its application data similar to the way it accesses the authentication data:

<session:getxml context="authentication" path="/application/username"/>
<session:setxml context="authentication"  path="/application/shoppingcart"><item1/><item2/></session:setxml>

The path must follow the same restrictions and rules as always and it has to start with "/application/".