cocoon-users mailing list archives

From: "Eric Dalquist" <ebdal...@mtu.edu>
Subject: Re: Form Validator
Date: Mon, 01 Jul 2002 14:22:43 GMT

Thanks for the tips Dave. I have the DBAuthenticator working. But I still
can't get the session validator and form validator to work. Could you please
post an example of the XML file you use in your Form or Session validators?
I'm trying to be really simple right now with mine:

<?xml version="1.0"?>
<root>
    <parameter name="user_name" type="string" nullable="no"/>
</root>

Here is an excerpt of my sitemap. I took the FormValidator off the
do_login.xsp to get the DBAuth working.

            <!-- unprotected login page -->
            <map:match pattern="login.xsp">
                <map:generate type="serverpages" src="logic/login.xsp"/>
                <map:transform src="../stylesheets/site_format.xsl"/>
                <map:transform src="stylesheets/login.xsl"/>
                <map:serialize/>
            </map:match>


            <!--
             | The page do_login does not actually exist this is just a dummy
             | target for the login auth to take place at.
             -->
            <map:match pattern="do_login.xsp">
                <!-- now try to log in -->
                <map:act type="db-authenticator">
                    <map:parameter name="descriptor"
                                   value="context://house_bills/descriptors/auth.xml"/>

                    <!-- now go to protected area -->
                    <map:redirect-to uri="index.xsp"/>
                </map:act>

                <!-- something was wrong, try it again -->
                <map:redirect-to uri="login.xsp"/>
            </map:match>


            <!--
             | Just like with do_login.xsp there is no logout.xsp page. It is
             | just a dummy target which kills the user's session.
             -->
            <map:match pattern="logout.xsp">
                <map:act type="session-invalidator">
                    <map:redirect-to uri="login.xsp"/>
                </map:act>
            </map:match>

            <!-- the whole site requires a login so we do special excludes -->
            <map:match pattern="*.xsp">
                <map:act type="session-validator">
                    <map:parameter name="descriptor"
                                   value="context://house_bills/descriptors/params.xml"/>
                    <map:parameter name="validate" value="user_name"/>

                    <!-- Now generate the page -->
                    <map:generate type="serverpages" src="logic/{1}.xsp"/>
                    <map:transform src="../stylesheets/site_format.xsl"/>
                    <map:transform src="stylesheets/{1}.xsl"/>
                    <map:serialize/>
                    <!-- End generated page -->
                </map:act>

                <!-- something was wrong, redirect to login page -->
                <map:redirect-to uri="login.xsp"/>
            </map:match>


----- Original Message -----
From: "Dave Covert" <dwcovert@yahoo.com>
To: <cocoon-users@xml.apache.org>
Sent: Sunday, June 30, 2002 10:54 PM
Subject: Re: Form Validator


> Eric-
> I have a simple authentication running with mySql.
>
> The db-authenticator is missing from the pipeline given. form-validator is
> only validating that the values in your form meet the constraints in
> params.xml. db-authenticator will check the database table against what the
> user typed in.
>
> The corresponding pipeline in my sub-site is:
>       <map:match pattern="do-login">
>         <!-- first validate whether submitted values are ok -->
>         <map:act type="form-validator">
>           <map:parameter name="descriptor"
>                          value="context://wbs/descriptors/params.xml"/>
>           <map:parameter name="validate" value="user_id"/>
>           <!-- now try to log in -->
>           <map:act type="db-authenticator">
>             <map:parameter name="descriptor"
>                            value="context://wbs/descriptors/auth.xml"/>
>             <!-- now go to protected area -->
>             <map:redirect-to uri="protected"/>
>           </map:act>
>         </map:act>
>         <!-- something was wrong, try it again -->
>         <map:redirect-to uri="login"/>
>       </map:match>
> (Yes, it was shamelessly stolen from the example.)
> The auth.xml I use looks like this:
> <?xml version="1.0" encoding="UTF-8"?>
> <auth-descriptor>
>   <connection>wbs</connection>
>   <table name="tbl_users">
>     <select dbcol="user_id" request-param="user_id" to-session="user_id"/>
>     <select dbcol="user_password" request-param="user_password"
>             to-session="user_password"/>
>     <select dbcol="user_permission" to-session="user_permission"
>             type="string"/>
>   </table>
> </auth-descriptor>
>
> An item of note: the names for the id & password MUST match in login.xsp
> (request name - html form), in params.xml (name=), and auth.xml
> (request-param=). The "dbcol" in auth.xml is the column name in your table -
> "user_name" from your table def.
> If the request name in login.xsp (from the html form) is not the same as in
> params.xml (in your case "user_id") that may be why the form is not
> validated - sending you back to login.
>
>
> Then, assuming other pipes will be 'protected' you need to wrap each one.
> Such as:
>   <map:match pattern="*-meter.html*">
>     <map:act type="session-validator">
>       <map:parameter name="descriptor"
>                      value="context://wbs//descriptors/params.xml"/>
>       <map:parameter name="validate" value="user_id, user_password"/>
>       <!-- Now generate the page -->
>       <map:generate type="serverpages" src="docs/{../1}-meter.xsp"/>
>       <map:transform src="stylesheets/wbs.xsl"/>
>       <map:serialize/>
>       <!-- End generated page -->
>     </map:act>
>     <!-- something was wrong, redirect to login page -->
>     <map:redirect-to uri="login"/>
>   </map:match>
> "session-validator" will validate that the user_id & user_password (placed
> in session variables by "db-authenticator" from the "to-session" of
> auth.xml) are valid. It only checks validity in terms of a 'form' check - it
> does not access the database again (as far as I know).
> These values are invalidated on session timeout, forcing the user to login
> again.
> Since I am still playing, I am allowing the password to stay around as a
> session variable.
>
> On your PASSWORD() function question, I can not help. My guess is that you
> would have to modify (or make your own)
> org.apache.cocoon.acting.FormValidatorAction.
>
> HTH
> Dave...................
>
> ----- Original Message -----
> From: "Eric Dalquist" <ebdalqui@mtu.edu>
> To: <cocoon-users@xml.apache.org>
> Sent: Saturday, June 29, 2002 12:06 PM
> Subject: Form Validator
>
>
> > I've been trying to get the form validator and DB Validator working for
> > about a week now. I decided to try and just get the form stuff working first
> > but I can't even get that. I'm running Cocoon 2.0.2-dev and Tomcat 4.1.3.
> >
> > In my sitemap.xmap I have the following:
> >
> > <!--
> >  | The page do_login does not actually exist this is just a dummy
> >  | target for the login auth to take place at.
> >  -->
> > <map:match pattern="do_login.xsp">
> >     <map:act type="form-validator">
> >         <map:parameter name="descriptor"
> >                        value="context://house_bills/descriptors/params.xml"/>
> >         <map:parameter name="validate-set" value="user-pass"/>
> >
> >         <map:redirect-to uri="index.xsp"/>
> >     </map:act>
> >
> >     <map:redirect-to uri="login.xsp"/>
> > </map:match>
> >
> > login.xsp has a form that posts to do_login.xsp and has two inputs named
> > user_name and user_password.
> >
> > Here is my params.xml
> > <?xml version="1.0"?>
> > <root>
> >   <parameter name="user_name" type="string" nullable="no"/>
> >   <parameter name="user_password" type="string" nullable="no"/>
> >
> >   <constraint-set name="name-pass">
> >     <validate name="user_name"/>
> >     <validate name="user_password"/>
> >   </constraint-set>
> > </root>
> >
> > I've checked through the logs and there aren't any context errors so Cocoon
> > seems to be finding the params.xml file OK. Every time I submit the form I
> > get bounced back to the login.xsp page instead of getting sent to index.xsp.
> > It doesn't matter if I don't put anything in the inputs or have valid data
> > in both.
> >
> > I would also like to be able to validate the user_name & password_fields
> > against a MySQL database and set the value in the corresponding user_id
> > column in a session variable. I played with it a little and cocoon was
> > connecting to the DB but not authenticating, I don't have my descriptor file
> > for that any more. Here is my DDL for the table I want to auth against.
> >
> > CREATE TABLE `users` (
> >   `user_id` int(11) unsigned NOT NULL auto_increment,
> >   `user_name` varchar(255) NOT NULL default '',
> >   `user_password` varchar(16) NOT NULL default '',
> >   `user_first_name` varchar(255) NOT NULL default '',
> >   `user_last_name` varchar(255) NOT NULL default '',
> >   `user_email` varchar(255) NOT NULL default '',
> >   `user_status` tinyint(4) unsigned NOT NULL default '1',
> >   PRIMARY KEY  (`user_id`),
> >   UNIQUE KEY `user_login` (`user_name`,`user_password`),
> >   UNIQUE KEY `user_id` (`user_id`)
> > ) TYPE=MyISAM
> >
> > My other question with the DBAuth stuff is can cocoon run the submitted
> > password through MySQL's PASSWORD() function? I would really like to be able
> > to keep the password column in the table encrypted and still be able to use
> > the DBAuth stuff.
> >
> > I hope someone can give me a hand with this. After a week of searching the
> > mailing lists, Cocoon site and web in general I'm stuck!
> >
> > -Eric Dalquist
> >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question  has not already been answered in the
> > FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail:     <cocoon-users-unsubscribe@xml.apache.org>
> > For additional commands, e-mail:   <cocoon-users-help@xml.apache.org>
>
>
>
>
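
Added example, not part of the original messages and not Cocoon code: an offline check of the name-matching rule discussed in the thread, flagging any `validate` or `validate-set` name in a sitemap that the descriptor does not declare. In the first message, for instance, the sitemap asks for validate-set "user-pass" while params.xml declares "name-pass". The sample documents are constructed from the thread's snippets, the function name `lint` is hypothetical, and splitting `validate` on commas and whitespace is an assumption.

```python
import re
import xml.etree.ElementTree as ET

MAP = "{http://apache.org/cocoon/sitemap/1.0}"  # Cocoon sitemap namespace
# Constructed inputs modelled on the thread's snippets: the descriptor declares
# constraint-set "name-pass", the login pipeline asks for "user-pass".
DESCRIPTOR = """<root>
  <parameter name="user_name" type="string" nullable="no"/>
  <parameter name="user_password" type="string" nullable="no"/>
  <constraint-set name="name-pass">
    <validate name="user_name"/>
    <validate name="user_password"/>
  </constraint-set>
</root>"""
SITEMAP = """<map:pipeline xmlns:map="http://apache.org/cocoon/sitemap/1.0">
  <map:match pattern="do_login.xsp">
    <map:act type="form-validator">
      <map:parameter name="validate-set" value="user-pass"/>
    </map:act>
  </map:match>
  <map:match pattern="*.xsp">
    <map:act type="session-validator">
      <map:parameter name="validate" value="user_name, user_password"/>
    </map:act>
  </map:match>
</map:pipeline>"""

def lint(sitemap_xml, descriptor_xml):
    """Return (pattern, action, problem) for each name the descriptor lacks."""
    desc = ET.fromstring(descriptor_xml)
    params = {p.get("name") for p in desc.iter("parameter")}
    sets = {s.get("name"): [v.get("name") for v in s.iter("validate")]
            for s in desc.iter("constraint-set")}
    problems = []
    for match in ET.fromstring(sitemap_xml).iter(MAP + "match"):
        for act in match.iter(MAP + "act"):
            if act.get("type") not in ("form-validator", "session-validator"):
                continue
            where = (match.get("pattern"), act.get("type"))
            opts = {p.get("name"): p.get("value", "")
                    for p in act.findall(MAP + "parameter")}
            names = [n for n in re.split(r"[,\s]+", opts.get("validate", "")) if n]
            set_name = opts.get("validate-set")
            if set_name is not None and set_name not in sets:
                problems.append(where + (f"unknown constraint-set {set_name!r}",))
            names += sets.get(set_name, [])
            problems += [where + (f"undeclared parameter {n!r}",)
                         for n in names if n not in params]
    return problems
```

Running `lint(SITEMAP, DESCRIPTOR)` reports the `do_login.xsp` pipeline only; the session-validator pipeline passes because both of its names are declared.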