cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Covert" <dwcov...@yahoo.com>
Subject Re: Form Validator
Date Tue, 02 Jul 2002 11:03:33 GMT
Eric-

Glad you have the db auth working. This will likely be files thrown together
because I am getting ready to go out town for a bit.

Here is login.xml
<?xml version="1.0"?>

<page>
<document sidebar="">
 <title>Login page</title>
 <content>
   <linkbar/>
   <para>
     This is a managed system.
   </para>
   <br/><br/>
   <form handler="do-login" name="login" method="get">
   <table width="20" caption="log-in" cellspacing="0" cellpadding="0"
border="0">
    <tr>
    <td width="10" height="0" align="right">WBS id:</td>
    <td width="10" height="0" align="left">
  <input-text name="user_id"/></td>
    </tr>
    <tr>
    <td width="10" height="0" align="right">Password:</td>
    <td width="10" height="0" align="left">
  <input-password name="user_password"/></td>
    </tr>
    <tr>
    <td width="10" height="0" align="center"> </td>
    <td width="10" height="0" align="left">
  <submit name="Login" value="Login"/></td>
    </tr>
 </table>
 <br/>
   </form>
 </content>
</document>
</page>

I flexed heavily off the apache.xsl but if there is anything confusing, let
me know.
I'll give one xsl entry I modified:
  <xsl:template match="input-text">
      <input type="text" name="{@name}" value="{@value}"/>
  </xsl:template>


The pipeline & auth.xml are below from the prior message.
My param.xml is:
<?xml version="1.0" encoding="UTF-8"?>

<!--
This file is used for description of request and session parameters.
parameters that are nullable and are found being null are replaced with
their
default values, non-nullable parameters can make the validation process
fail.
-->
<parameters-descriptor>
  <parameter name="user_id"  type="string" nullable="no"/>
  <parameter name="user_password"  type="string" nullable="no"/>
  <parameter name="user_permission" type="string" nullable="yes"
default="read"/>
</parameters-descriptor>

Your 'login.xsp' and 'do_login.xsp' look very similiar to mine. Just make
sure names match. If it still does not work, I'll have to see your
login.xsp.

      <!-- ================= -->
      <!-- Simple login page -->
      <!-- ================= -->
      <map:match pattern="login">
        <map:generate src="docs/login.xml"/>
        <map:transform src="stylesheets/wbs.xsl"/>
        <map:serialize/>
      </map:match>

      <!-- ========================================= -->
      <!-- Form target which performs auth service   -->
      <!-- ========================================= -->
      <map:match pattern="do-login">
        <!-- first validate whether submitted values are ok -->
        <map:act type="form-validator">
          <map:parameter name="descriptor"
value="context://wbs/descriptors/params.xml"/>
          <map:parameter name="validate" value="user_id"/>
          <!-- now try to log in -->
          <map:act type="db-authenticator">
            <map:parameter name="descriptor"
value="context://wbs/descriptors/auth.xml"/>
            <!-- now go to protected area -->
            <map:redirect-to uri="protected"/>
          </map:act>
  </map:act>
        <!-- something was wrong, try it again -->
  <map:redirect-to uri="login"/>
      </map:match>

On your '*.xsp' pipeline I noticed you used {1}. Once you use an action it
sets a new context and you need to use {../1} to get to the ancestor (or
parent).

Good luck!
Dave.................

----- Original Message -----
From: "Eric Dalquist" <ebdalqui@mtu.edu>
To: <cocoon-users@xml.apache.org>
Sent: Monday, July 01, 2002 10:22 AM
Subject: Re: Form Validator


> Thanks for the tips Dave. I have the DBAuthenticator working. But I still
> can't get the session validator and form validator to work. Could you
please
> post an example of the XML file you use in your Form or Session
validators?
> I'm trying to be really simple right now with mine:
>
> <?xml version="1.0"?>
> <root>
>     <parameter name="user_name" type="string" nullable="no"/>
> </root>
>
> Here is an exerpt of my sitemap. I took the FormValidator off the
> do_login.xsp to get the DBAuth working.
>
>             <!-- unprotected login page -->
>             <map:match pattern="login.xsp">
>                 <map:generate type="serverpages" src="logic/login.xsp"/>
>                 <map:transform src="../stylesheets/site_format.xsl"/>
>                 <map:transform src="stylesheets/login.xsl"/>
>                 <map:serialize/>
>             </map:match>
>
>
>             <!--
>              | The page do_login does not actually exist this is just a
> dummy
>              | target for the login auth to take place at.
>              -->
>             <map:match pattern="do_login.xsp">
>                 <!-- now try to log in -->
>                 <map:act type="db-authenticator">
>                     <map:parameter name="descriptor"
> value="context://house_bills/descriptors/auth.xml"/>
>
>                     <!-- now go to protected area -->
>                     <map:redirect-to uri="index.xsp"/>
>                 </map:act>
>
>                 <!-- something was wrong, try it again -->
>                 <map:redirect-to uri="login.xsp"/>
>             </map:match>
>
>
>             <!--
>              | Just like with do_login.xsp there is no logout.xsp page. It
> is
>              | just a dummy target which kills the user's session.
>              -->
>             <map:match pattern="logout.xsp">
>                 <map:act type="session-invalidator">
>                     <map:redirect-to uri="login.xsp"/>
>                 </map:act>
>             </map:match>
>
>             <!-- the whole site requires a login so we do special
> excludes -->
>             <map:match pattern="*.xsp">
>                 <map:act type="session-validator">
>                     <map:parameter name="descriptor"
> value="context://house_bills/descriptors/params.xml"/>
>                     <map:parameter name="validate" value="user_name"/>
>
>                     <!-- Now generate the page -->
>                     <map:generate type="serverpages" src="logic/{1}.xsp"/>
>                     <map:transform src="../stylesheets/site_format.xsl"/>
>                     <map:transform src="stylesheets/{1}.xsl"/>
>                     <map:serialize/>
>                     <!-- End generated page -->
>                 </map:act>
>
>                 <!-- something was wrong, redirect to login page -->
>                 <map:redirect-to uri="login.xsp"/>
>             </map:match>
>
>
> ----- Original Message -----
> From: "Dave Covert" <dwcovert@yahoo.com>
> To: <cocoon-users@xml.apache.org>
> Sent: Sunday, June 30, 2002 10:54 PM
> Subject: Re: Form Validator
>
>
> > Eric-
> > I have a simple authentication running with mySql.
> >
> > The db-authenticator is missing from the pipeline given. form-validator
is
> > only validating that the values in your form meet the constraints in
> > params.xml. db-authenticator will check the database table against what
> the
> > user typed in.
> >
> > The corresponding pipeline in my sub-site is:
> >       <map:match pattern="do-login">
> >         <!-- first validate whether submitted values are ok -->
> >         <map:act type="form-validator">
> >           <map:parameter name="descriptor"
> > value="context://wbs/descriptors/params.xml"/>
> >           <map:parameter name="validate" value="user_id"/>
> >           <!-- now try to log in -->
> >           <map:act type="db-authenticator">
> >             <map:parameter name="descriptor"
> > value="context://wbs/descriptors/auth.xml"/>
> >             <!-- now go to protected area -->
> >             <map:redirect-to uri="protected"/>
> >           </map:act>
> >   </map:act>
> >         <!-- something was wrong, try it again -->
> >   <map:redirect-to uri="login"/>
> >       </map:match>
> > (Yes, it was shamelessly stolen from the example.)
> > The auth.xml I use looks like this:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <auth-descriptor>
> >   <connection>wbs</connection>
> >   <table name="tbl_users">
> >     <select dbcol="user_id" request-param="user_id"
to-session="user_id"/>
> >     <select dbcol="user_password" request-param="user_password"
> > to-session="user_password"/>
> >     <select dbcol="user_permission" to-session="user_permission"
> > type="string"/>
> >   </table>
> > </auth-descriptor>
> >
> > An item of note: the names for the id & password MUST match in login.xsp
> > (request name - html form), in params.xml (name=), and auth.xml
> > (request-param=). The "dbcol" in auth.xml is the column name in your
> table -
> > "user_name" from your table def.
> > If the request name in login.xsp (from the html form) is not the same as
> in
> > params.xml (in your case "user_id") that may be why the form is not
> > validated - sending you back to login.
> >
> >
> > Then, assuming other pipes will be 'protected' you need to wrap each
one.
> > Such as:
> >   <map:match pattern="*-meter.html*">
> >     <map:act type="session-validator">
> >       <map:parameter name="descriptor"
> > value="context://wbs//descriptors/params.xml"/>
> >       <map:parameter name="validate" value="user_id, user_password"/>
> >       <!-- Now generate the page -->
> >       <map:generate type="serverpages" src="docs/{../1}-meter.xsp"/>
> >       <map:transform src="stylesheets/wbs.xsl"/>
> >       <map:serialize/>
> >       <!-- End generated page -->
> >     </map:act>
> >     <!-- something was wrong, redirect to login page -->
> >     <map:redirect-to uri="login"/>
> >   </map:match>
> > "session-validator" will validate that the user_id & user_password
(placed
> > in session variables by "db-authenticator" from the "to-session" of
> > auth.xml) are valid. It only checks validity in terms of a 'form'
check -
> it
> > does not access the database again (as far as I know).
> > These values are invalidated on session timeout, forcing the user to
login
> > again.
> > Since I am still playing, I am allowing the password to stay around as a
> > session variable.
> >
> > On your PASSWORD() function question, I can not help. My guess is that
you
> > would have to modify (or make your own)
> > org.apache.cocoon.acting.FormValidatorAction.
> >
> > HTH
> > Dave...................
> >
> > ----- Original Message -----
> > From: "Eric Dalquist" <ebdalqui@mtu.edu>
> > To: <cocoon-users@xml.apache.org>
> > Sent: Saturday, June 29, 2002 12:06 PM
> > Subject: Form Validator
> >
> >
> > > I've been trying to get the form validator and DB Validator working
for
> > > about a week now. I decided to try and just got the form stuff working
> > first
> > > but I can't even get that. I'm running Cocoon 2.0.2-dev and Tomcat
> 4.1.3.
> > >
> > > In my sitemap.xmap I have the following:
> > >
> > > <!--
> > >  | The page do_login does not actually exist this is just a dummy
> > >  | target for the login auth to take place at.
> > >  -->
> > > <map:match pattern="do_login.xsp">
> > >     <map:act type="form-validator">
> > >         <map:parameter name="descriptor"
> > > value="context://house_bills/descriptors/params.xml"/>
> > >         <map:parameter name="validate-set" value="user-pass"/>
> > >
> > >         <map:redirect-to uri="index.xsp"/>
> > >     </map:act>
> > >
> > >     <map:redirect-to uri="login.xsp"/>
> > > </map:match>
> > >
> > > login.xsp has a form that posts to do_login.xsp and has two inputs
named
> > > user_name and user_password.
> > >
> > > Here is my params.xml
> > > <?xml version="1.0"?>
> > > <root>
> > >   <parameter name="user_name" type="string" nullable="no"/>
> > >   <parameter name="user_password" type="string" nullable="no"/>
> > >
> > >   <constraint-set name="name-pass">
> > >     <validate name="user_name"/>
> > >     <validate name="user_password"/>
> > >   </constraint-set>
> > > </root>
> > >
> > > I've checked through the logs and there aren't any context errors so
> > Cocoon
> > > seems to be finding the params.xml file OK. Everytime I submit the
form
> I
> > > get bounced back to the login.xsp page instead of getting sent to
> > index.xsp.
> > > It doesn't matter if I don't put anything in the inputs or have valid
> data
> > > in both.
> > >
> > > I would also like to be able to validate the user_name &
password_fields
> > > against a MySQL database and setting the value in the corresponding
> > user_id
> > > column in a session variable. I played with it a little and cocoon was
> > > connection to the DB but not authenticating, I don't have my
descriptor
> > file
> > > for that any more. Here is my DDL for the table I want to auth
against.
> > >
> > > CREATE TABLE `users` (
> > >   `user_id` int(11) unsigned NOT NULL auto_increment,
> > >   `user_name` varchar(255) NOT NULL default '',
> > >   `user_password` varchar(16) NOT NULL default '',
> > >   `user_first_name` varchar(255) NOT NULL default '',
> > >   `user_last_name` varchar(255) NOT NULL default '',
> > >   `user_email` varchar(255) NOT NULL default '',
> > >   `user_status` tinyint(4) unsigned NOT NULL default '1',
> > >   PRIMARY KEY  (`user_id`),
> > >   UNIQUE KEY `user_login` (`user_name`,`user_password`),
> > >   UNIQUE KEY `user_id` (`user_id`)
> > > ) TYPE=MyISAM
> > >
> > > My other question with the DBAuth stuff is can cocoon run the
submitted
> > > password through MySQLs PASSWORD() function? I would really like to be
> > able
> > > to keep the password column in the table encrypted and still be able
to
> > use
> > > the DBAuth stuff.
> > >
> > > I hope someone can give me a hand with this. After a week of searching
> the
> > > mailing lists, coocon site and web in general I'm stuck!
> > >
> > > -Eric Dalquist
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Please check that your question  has not already been answered in the
> > > FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
> > >
> > > To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
> > > For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>
> >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question  has not already been answered in the
> > FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
> > For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>
> >
>
>
>
> ---------------------------------------------------------------------
> Please check that your question  has not already been answered in the
> FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
> For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>
>



---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>


Mime
View raw message