Authentication with flow and CForms

Using the authentication framework with flow is already described here: Authentication Framework with flow.

What may not be obvious, at least it wasn't to me for a long time, is that the pipeline handling the continuation should also be included in the "protected" area. Otherwise the continuation will lose the authentication context in the session. However, you cannot nest a continuation call inside a <map:call function="..."> element, i.e. the following is not possible:

<map:match pattern="*.continue">
   <map:call function="protected">
      <map:parameter name="handler" value="myflowauthenticationhandler"/>
      <map:call continuation="{1}"/>
   </map:call>
</map:match>

However, you can still use the authentication actions:

<map:match pattern="*.continue">
  <map:act type="auth-loggedIn">  <!-- check authentication -->
    <map:parameter name="handler" value="managehandler"/>
    <map:act type="auth-protect">  <!-- give access to the context -->
      <map:parameter name="handler" value="managehandler"/>
      <map:call continuation="{1}"/>
    </map:act>
  </map:act>
  <map:redirect-to uri="login"/>
</map:match>

Thanks to Oscar Picasso for the above pipeline.
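
To audit an existing sitemap for continuation matchers that were left outside the protected area, the following check can be used. It is an added example, not part of the original page or of Cocoon itself. It assumes the pattern shown above (both auth-loggedIn and auth-protect wrapping the continuation call); the sample sitemap and the patterns *.kont and *.more are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://apache.org/cocoon/sitemap/1.0}"  # Cocoon sitemap namespace

# Constructed sample sitemap fragment (patterns *.kont and *.more are made up).
SAMPLE = """\
<map:pipeline xmlns:map="http://apache.org/cocoon/sitemap/1.0">
  <map:match pattern="*.continue">
    <map:act type="auth-loggedIn">
      <map:parameter name="handler" value="managehandler"/>
      <map:act type="auth-protect">
        <map:parameter name="handler" value="managehandler"/>
        <map:call continuation="{1}"/>
      </map:act>
    </map:act>
    <map:redirect-to uri="login"/>
  </map:match>
  <map:match pattern="*.kont">
    <map:call continuation="{1}"/>
  </map:match>
  <map:match pattern="*.more">
    <map:act type="auth-loggedIn">
      <map:call continuation="{1}"/>
    </map:act>
  </map:match>
</map:pipeline>
"""

def unprotected_continuations(sitemap_xml, required=("auth-loggedIn", "auth-protect")):
    """Return (matcher pattern, missing action types) for every
    <map:call continuation=...> not nested inside all required actions."""
    findings = []

    def walk(node, acts, pattern):
        if node.tag == NS + "match":
            pattern = node.get("pattern")
        elif node.tag == NS + "act":
            acts = acts + [node.get("type")]  # actions enclosing the children
        elif node.tag == NS + "call" and node.get("continuation") is not None:
            missing = [a for a in required if a not in acts]
            if missing:
                findings.append((pattern, missing))
        for child in node:
            walk(child, acts, pattern)

    walk(ET.fromstring(sitemap_xml), [], None)
    return findings

if __name__ == "__main__":
    for pattern, missing in unprotected_continuations(SAMPLE):
        print(f"{pattern}: continuation call not inside {', '.join(missing)}")
```

The check only looks at nesting within one sitemap document; it does not compare the handler parameter values of the enclosing actions.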
