cocoon-dev mailing list archives

From Sonny Sukumar <ahimsad...@yahoo.com>
Subject Cocoon 2.1 Authentication Bug? *Please* Help
Date Mon, 25 Aug 2003 21:58:35 GMT

Hi guys,

I could not get any help for my problem on the Cocoon
Users list, so this is my last resort.  I am using
Cocoon 2.1 (with Tomcat 4.1.12 with JDK 1.4.1_01).  I 
would very much appreciate your help. 

PROBLEM: I don't think the auth-login (LoginAction) is
working right.  If I use
<authentication uri="cocoon:/authenticateAdmin"/>
in the handler, I always get a NullPointerException in
org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate
at line 290 (that line is
'DocumentFragment authenticationFragment = doc.createDocumentFragment();').
On the other hand, if I use the raw:/ protocol as in
<authentication uri="cocoon:/raw:/authenticateAdmin"/>,
then I ALWAYS get forwarded to the redirect page, which
should never happen with auth-login from what I
understand from the docs.


So can someone explain the reason for using the
"raw:/" protocol in the <authentication> tag in the
handler? It is there in the documentation
(http://cocoon.apache.org/2.1/developing/webapps/authentication.html),
and it

1.) ALWAYS causes a redirect to the pipeline set in
the <redirect-to> handler tag (for both valid and
invalid user name/password combinations), and 
2.) A printout of the "resource" request param on the
redirected page shows the user name and password
*twice*:

/adminLogin?password=mypwd&userName=my_name&userName=my_name&password=mypwd

It's also kind of strange how the 1st set is opposite
the 2nd set (password first, user name second).  My
login test form makes one enter user name first, and
password second (like any ordinary login form).

Ok, now here's the relevant sitemap contents:


  <map:component-configurations>
    ...
    <authentication-manager>
      <handlers>
        <!-- Authenticates site administrators. -->
        <handler name="adminAuthHandler">
          <redirect-to uri="cocoon:/getAdminLoginPage"/>
          <!-- Doesn't work, with or without 'raw:/' as explained above-->
          <authentication uri="cocoon:/raw:/authenticateAdmin"/>
        </handler>
      </handlers>
    </authentication-manager>
    ...
  </map:component-configurations>

  ...

      <!-- Generate and display the login page.-->
      <map:match pattern="getAdminLoginPage">
        <map:generate src="myapp/xml/adminLogin.xsp" type="serverpages"/>
        <map:transform type="session"/>
        <map:serialize type="xml"/>
      </map:match>

      <!-- Try to log in the admin. -->
      <map:match pattern="adminLogin">
        <map:act type="auth-login">
          <map:parameter name="handler" value="adminAuthHandler"/>
          <map:parameter name="parameter_userName" value="{request-param:userName}"/>
          <map:parameter name="parameter_password" value="{request-param:password}"/>

          <map:read src="myapp/html_test/authSucceeded.html"/>
        </map:act>

        <!-- Authentication failed -->
        <map:read src="myapp/html_test/authFailed.html"/>
      </map:match>

      <!-- My auth resource, as defined in the handler. -->
      <map:match pattern="authenticateAdmin">
        <map:generate src="myapp/xml/authenticateAdmin.xsp" type="serverpages"/>
        <map:serialize type="xml"/>
      </map:match>

      <map:match pattern="adminLogout">
        <map:act type="auth-logout">
          <map:parameter name="handler" value="adminAuthHandler"/>
          <!--+
            | ::UNRESOLVED ISSUE:: SS 08/19/03
            | Admin logout succeeded, so tell admin in some way, perhaps
            | a static page.
            +-->
        </map:act>

        <!--+
            | ::UNRESOLVED ISSUE:: SS 08/19/03
            | Admin logout failed. Is that even possible?  What to do here?
            +-->
      </map:match>


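As an added example (not part of the original message and not Cocoon code), the following Python check runs over the "resource" value quoted in the message: it reports the parameter order, which names repeat, whether repeats disagree, and which credential-named parameters are carried in the URL, and it produces a redacted form suitable for printing or logging. The function names and the SENSITIVE name set are assumptions made for this example.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names treated as credentials (assumption for this example).
SENSITIVE = {"password", "passwd", "pwd"}

# The "resource" value exactly as quoted in the message.
RESOURCE = "/adminLogin?password=mypwd&userName=my_name&userName=my_name&password=mypwd"


def audit_resource(resource):
    """Summarise the query parameters of a request URI."""
    pairs = parse_qsl(urlsplit(resource).query, keep_blank_values=True)
    values = {}
    for name, value in pairs:
        values.setdefault(name, []).append(value)
    return {
        # Names in the order they appear on the wire.
        "order": [name for name, _ in pairs],
        # Names that occur more than once.
        "duplicated": sorted(n for n, v in values.items() if len(v) > 1),
        # Repeated names whose values differ between occurrences.
        "conflicting": sorted(n for n, v in values.items() if len(set(v)) > 1),
        # Credential-named parameters present in the URL at all.
        "credentials_in_url": sorted(n for n in values if n.lower() in SENSITIVE),
    }


def redact(resource):
    """Return the URI with credential values masked, order preserved."""
    parts = urlsplit(resource)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(n, "***" if n.lower() in SENSITIVE else v) for n, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked, safe="*")))


if __name__ == "__main__":
    for key, value in audit_resource(RESOURCE).items():
        print(f"{key}: {value}")
    print(redact(RESOURCE))
```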