Cocoon is a great framework for writing web applications. Unfortunately there is no existing way to manage application configuration: a configuration that is global to your application. Of course there are several ways to do this, e.g. by defining parameters in the web.xml or by adding the configuration to some Avalon component or by providing your own configuration mechanism.
But in many cases, although you only have one web application from the servlet specification point of view, you might have several applications running in one single Cocoon instance at the same time. And of course each of these applications need their own configuration. For example, a portal needs some configuration about where the user profiles are stored, what layout to use etc. And inside the portal you have several Cocoon powered web applications (portlets) running.
CoWarp offers the notion of an application with its own configuration. It's possible to configure several applications with different configurations. In addition an application is associated with authentication and authorization. It's possible to define if a user is required to login to use the application and to control the rights for a particular user (or depending on his role etc.).
Before you can use an application, you have to tell CoWarp about it. Technically, an application is a singleton component, so the configuration of an application takes place in the cocoon.xconf.
Starting with Cocoon 2.2 it's possible to define components on a per sitemap base, so it's also possible to define the application in the xconf belonging to your application's sitemap.
Let's have a look at a simple application configuration:
... <component role="org.osoco.cowarp.Application/WebShop" class="org.osoco.cowarp.StandardApplication" security-handler="shop-handler"> ... Configuration for the application - if required </component> ...
In the example above we define one application called WebShop. Each application must have a unique name that is later on used as a reference to this application. This name is defined in the role attribute and has to be prefixed with "org.osoco.cowarp.Application/". In addition an application is "secured" by a security handler which means, only users that are logged in using this handler are allowed to use this application. The configuration of an application takes the name of the security handler as a required attribute. Please see here for more information on security handlers.
Inside the application you can use any XML format for configuring your application. CoWarp provides several ways to evaluate/access this configuration.
If you don't specify a security handler in your application, the anonymous security handler is used.