cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Timberlake <and...@timberlake.co.za>
Subject Re: 1 more auth question..
Date Sun, 24 Aug 2003 10:58:22 GMT
Sonny

I've had a look and I'm not sure why this is happenning.
There are bits of the sitemap missing which are still part of the auth 
process such as your login page itself. Maybe the problem lies there 
somewhere???

Sorry I can't help further.

Andrew

Sonny Sukumar wrote:
> 
> Update: I was mistake before when I said that if the login suceeds, the 
> correct html file is shown.  It's not.  Rather, in both cases I'm 
> redirected to the pipeline defined in the authentication handler.
> 
> To reiterate, this confuses me because I thought no such redirect should 
> ever occur with auth-login, but rather only with auth-protect.  Again, 
> take a look at the sitemap snippet from my original post (below here).
> 
> Any insights would be great,
> 
> Sonny
> 
>> From: "Sonny Sukumar" <ahimsadesi@hotmail.com>
> 
> 
>>
>>
>> Hi Andrew,
>>
>> Thanks for that tip.  But there seems to be something else going on as 
>> well....
>>
>> If the login succeeds, the correct static html file is shown (see the 
>> the sitemap snippet I gave before--below), but if it fails then I end 
>> up being redirected to the "redirect-to" page defined for the auth 
>> handler.  I thought that if the auth-login fails, then it would just 
>> read whatever comes after the action (another static html file, for 
>> testing at least).
>>
>> To add to the strangeness, the redirected to page (a login page I 
>> generate) shows the originally requested URI  (I embed the originally 
>> requested URI in the generated login page) as getting the userName and 
>> password each **twice**.  Here's what it says is the originally 
>> requested URI:
>>
>> /adminLogin?password=test_pwd&userName=test_user&userName=test_user&password=test_pwd

>>
>>
>> The Cocoon documentation doesn't say anything to explain this 
>> behavior, but then again it wasn't very clear about the other things 
>> either.
>>
>> Do you have any ideas on this?
>>
>> Thanks again,
>>
>> Sonny
>>
>>> From: Andrew Timberlake <andrew@timberlake.co.za>
>>> Reply-To: users@cocoon.apache.org
>>> To: users@cocoon.apache.org
>>> Subject: Re: 1 more auth question..
>>> Date: Sat, 23 Aug 2003 15:34:57 +0200
>>>
>>> Sonny
>>>
>>> Look at this snippet:
>>> <map:parameter name="parameter_userName"
>>>  value="{request-param:userName}"/>
>>> <map:parameter name="parameter_password"
>>>  value="{request-param:password}"/>
>>> Here you are passing two parameters to the auth action named 
>>> parameter_userName and parameter_password. The values of each of 
>>> these parameters is coming directly from the request parameters via 
>>> the request-param input module.
>>>
>>> If you look at the source for the auth-login action 
>>> (org.apache.cocoon.webapps.authentication.acting.LoginAction) on 
>>> lines 104-107 the action is taking all parameters beginning with 
>>> "parameter_" and passing them as parameters to the authentication 
>>> resource.
>>> ie. if you set the above parameters for the auth-login action, they 
>>> will be passed to your XSP as two parameters: userName and password 
>>> (dropped the "parameter_" bit.
>>> Therefore your XSP code should be similar to the following:
>>> ...
>>> String userName = parameters.getParameter("userName");
>>> String password = parameters.getParameter("password");
>>> ...
>>>
>>> Hope this helps
>>>
>>> Andrew
>>>
>>> Sonny Sukumar wrote:
>>>
>>>>
>>>> Hi all,
>>>>
>>>> I'm not clear on how the authentication resource gets parameters 
>>>> that are passed to it from <auth-login>.  My auth resource is an 
>>>> XSP, and I try to fetch them as request params.  However, I'm not 
>>>> sure if that's correct because I've verified that my auth resource 
>>>> produces output matching the <authentication>...</authentication>

>>>> scheme it is supposed to when given request params, but yet the 
>>>> <auth-login> always seems to fail.
>>>>
>>>> Here's my sitemap snippet:
>>>>
>>>>    <!-- Try to log in an admin. -->
>>>>    <map:match pattern="adminLogin">
>>>>        <map:act type="auth-login">
>>>>          <map:parameter name="handler" value="adminAuthHandler"/>
>>>>          <map:parameter name="parameter_userName" 
>>>> value="{request-param:userName}"/>
>>>>          <map:parameter name="parameter_password" 
>>>> value="{request-param:password}"/>
>>>>
>>>>          <!-- Really should be a redirect here, but this is for 
>>>> simplicity of illustration.-->
>>>>          <map:read src="myapp/authSuccessful.html"/>
>>>>        </map:act>
>>>>
>>>>        <!-- Authentication failed -->
>>>>        <map:read src="myapp/authFailed.html"/>
>>>>    </map:match>
>>>>
>>>>    <!-- Auth resource -->
>>>>    <map:match pattern="authenticateAdmin">
>>>>        <map:generate src="redpouch/xml/authenticateAdmin.xsp" 
>>>> type="serverpages"/>
>>>>        <map:serialize type="xml"/>
>>>>    </map:match>
>>>>
>>>> Here's my handler declaration:
>>>>
>>>> <!-- Authenticates site administrators. -->
>>>> <handler name="adminAuthHandler">
>>>>  <redirect-to uri="cocoon:/getAdminLoginPage"/>
>>>>  <authentication uri="cocoon:/raw:/authenticateAdmin"/>
>>>> </handler>
>>>>
>>>> So I try to do 'request.getParameter("userName")' and 
>>>> 'request.getParameter("password")' in my XSP (i.e. my auth 
>>>> resource), but authFailed.html is **always** shown, whether or not 
>>>> the user name/password combination is valid.
>>>>
>>>> I also still don't quite understand why the 'raw:/' subprotocol 
>>>> needs to be used in the <authentication> tag in the handler.  It is

>>>> that way in the docs, but I tried both with and without it, and the 
>>>> auth fails no matter what.
>>>>
>>>> I'd appreciate any hints. :-)
>>>>
>>>> Sonny
>>>>
>>>> _________________________________________________________________
>>>> MSN 8: Get 6 months for $9.95/month. 
>>>> http://join.msn.com/?page=dept/dialup
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>>>> For additional commands, e-mail: users-help@cocoon.apache.org
>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>>> For additional commands, e-mail: users-help@cocoon.apache.org
>>>
>>
>> _________________________________________________________________
>> MSN 8: Get 6 months for $9.95/month. 
>> http://join.msn.com/?page=dept/dialup
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>> For additional commands, e-mail: users-help@cocoon.apache.org
>>
> 
> _________________________________________________________________
> Get MSN 8 and help protect your children with advanced parental 
> controls.  http://join.msn.com/?page=features/parental
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message