cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Sallade <>
Subject RE: Authentication framework: SQL question.
Date Wed, 07 May 2003 14:05:57 GMT

Looks like you are close.  The username and password are probably
character fields in your database, so you would need single quotes
around the values in your query where clause...

       select name, password
         from login
        where name = '<xsl:value-of select = "$name"/>'
          and password = '<xsl:value-of select = "$password"/>'

However, usually with authentication you will want to redirect to
a different page if the credentials are not valid.  That is why it
is common to use xsp.  It is also possible to have another stylesheet
after the SQL Transformer to detect an empty result set and display
an invalid login message.


-----Original Message-----
From: Kogan Irina []
Sent: Tuesday, May 06, 2003 9:33 AM
Subject: Authentication framework: SQL question.

Hello everybody,

I am using TomCat and the authentication framework in Cocoon.  Does anybody
know how I can read names and passwords from the database and to compare
them to the request parameters?  I am trying to do the following in my
stylesheet called insertparameters.xsl (XSLT transformations):


<xsl:param name="name"/>
<xsl:param name="password"/>


<sql:execute-query xmlns:sql="">
       <sql:query>select name, password from login where name =
<xsl:value-of select =    "$name"/> and password = <xsl:value-of select =


(And I am specifying this in my sitemap:
<map:transform src="stylesheets/insertparameters.xsl"/>
<map:transform type="sql" >
      <map:parameter name="use-connection" value="dbtest" />
      <map:parameter name="use-request-parameters" value="true"/> 

This query seems to always have an empty set as an answer (even though
without the where close it works properly).  Am I getting the value of the
request parameter incorrectly? "{$name}" or saving the result of the request
parameter in the sql:parameter and then acessing it through @ did not work
either.  How can I fix this problem?  

Does anybody have any examples for this kind of SQL statements (preferably
the ones for authentication framework)?

Thanks a lot!  I really appreciate your help!


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message