Hibernate and the authentication framework

This is the third (and final?) chapter in my Hibernate trilogy.

I assume you had a quick look at part 1 and 2, and you are familiar with the Cocoon documentation about the authentication and session framework.

I wrote a generator for the Cocoon pipeline that gives you the option to use the Hibernate classes (see [http://wiki.cocoondev.org/Wiki.jsp?page=XMLFormJXFormHibernateAndFlowscript the flow examples]) for user authentication with the Cocoon authentication framework. If you already walked through these Hibernate examples, be aware that I applied a "minor" modification to the user table: the login name is no longer the primary key. It will take some time to update the other examples.

The source is in the attachment. Change the package name to whatever you want, but make sure you use consistent names everywhere.

The goal is to create a pipeline that replaces the authentication pipeline in the example which uses a flat-file approach.

This is from the /samples :BR

  <map:pipeline internal-only="true">\\
    <!-- This is the authentication respource -->\\
        <map:match pattern="authenticate">\\
            <map:generate src="docs/userlist.xml"/>\\
            <map:transform src="stylesheets/authenticate.xsl">\\
                <map:parameter name="use-request-parameters" value="true"/>\\
          </map:transform>\\
            <map:serialize type="xml"/>\\
        </map:match>\\
  </map:pipeline>\\

BR

Replace it with:BR

 <map:pipeline internal-only="true">\\
     <!-- This is the authentication respource -->\\
                 <map:match pattern="authenticate">\\
                                <map:generate type="auth" src=""/>\\
                    <map:serialize  type="xml"/>\\
                 </map:match>\\
 </map:pipeline>\\

BR

The "auth" generator must be declared in your sitemap:BR

 <map:generators default="file">\\
        <map:generator name="auth" src="nl.datagram.cocoon.generation.AuthGen"/>\\
 </map:generators>\\

BR

And of course the compiled AuthGen class must be somewhere in your classpath ( e.g. WEB-INF/classes)

Oops. Almost forgot: I am using two request variables (name and password) in my login resource (the two fields of the login page). So the part of the sitemap that performs auth service (the target of the login form) typically contains two lines:BR {{

}}BR These parameter names are hard coded in the generator (some room for improvement here).

A goodie of the generator: the user bean is stored in the session. So if your protected resource is a JXTemplate that contains something like:BR {{

}} , the user will be welcomed with his own name.

BR BR Attachment: attachment:Hibernate_3.zip BR Attachment: attachment:Contrib4.zip BR