cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sonny Sukumar" <>
Subject Re: 1 more auth question..
Date Sun, 24 Aug 2003 06:46:43 GMT

Update: I was mistake before when I said that if the login suceeds, the 
correct html file is shown.  It's not.  Rather, in both cases I'm redirected 
to the pipeline defined in the authentication handler.

To reiterate, this confuses me because I thought no such redirect should 
ever occur with auth-login, but rather only with auth-protect.  Again, take 
a look at the sitemap snippet from my original post (below here).

Any insights would be great,


>From: "Sonny Sukumar" <>

>Hi Andrew,
>Thanks for that tip.  But there seems to be something else going on as 
>If the login succeeds, the correct static html file is shown (see the the 
>sitemap snippet I gave before--below), but if it fails then I end up being 
>redirected to the "redirect-to" page defined for the auth handler.  I 
>thought that if the auth-login fails, then it would just read whatever 
>comes after the action (another static html file, for testing at least).
>To add to the strangeness, the redirected to page (a login page I generate) 
>shows the originally requested URI  (I embed the originally requested URI 
>in the generated login page) as getting the userName and password each 
>**twice**.  Here's what it says is the originally requested URI:
>The Cocoon documentation doesn't say anything to explain this behavior, but 
>then again it wasn't very clear about the other things either.
>Do you have any ideas on this?
>Thanks again,
>>From: Andrew Timberlake <>
>>Subject: Re: 1 more auth question..
>>Date: Sat, 23 Aug 2003 15:34:57 +0200
>>Look at this snippet:
>><map:parameter name="parameter_userName"
>>  value="{request-param:userName}"/>
>><map:parameter name="parameter_password"
>>  value="{request-param:password}"/>
>>Here you are passing two parameters to the auth action named 
>>parameter_userName and parameter_password. The values of each of these 
>>parameters is coming directly from the request parameters via the 
>>request-param input module.
>>If you look at the source for the auth-login action 
>>(org.apache.cocoon.webapps.authentication.acting.LoginAction) on lines 
>>104-107 the action is taking all parameters beginning with "parameter_" 
>>and passing them as parameters to the authentication resource.
>>ie. if you set the above parameters for the auth-login action, they will 
>>be passed to your XSP as two parameters: userName and password (dropped 
>>the "parameter_" bit.
>>Therefore your XSP code should be similar to the following:
>>String userName = parameters.getParameter("userName");
>>String password = parameters.getParameter("password");
>>Hope this helps
>>Sonny Sukumar wrote:
>>>Hi all,
>>>I'm not clear on how the authentication resource gets parameters that are 
>>>passed to it from <auth-login>.  My auth resource is an XSP, and I try to

>>>fetch them as request params.  However, I'm not sure if that's correct 
>>>because I've verified that my auth resource produces output matching the 
>>><authentication>...</authentication> scheme it is supposed to when
>>>request params, but yet the <auth-login> always seems to fail.
>>>Here's my sitemap snippet:
>>>    <!-- Try to log in an admin. -->
>>>    <map:match pattern="adminLogin">
>>>        <map:act type="auth-login">
>>>          <map:parameter name="handler" value="adminAuthHandler"/>
>>>          <map:parameter name="parameter_userName" 
>>>          <map:parameter name="parameter_password" 
>>>          <!-- Really should be a redirect here, but this is for 
>>>simplicity of illustration.-->
>>>          <map:read src="myapp/authSuccessful.html"/>
>>>        </map:act>
>>>        <!-- Authentication failed -->
>>>        <map:read src="myapp/authFailed.html"/>
>>>    </map:match>
>>>    <!-- Auth resource -->
>>>    <map:match pattern="authenticateAdmin">
>>>        <map:generate src="redpouch/xml/authenticateAdmin.xsp" 
>>>        <map:serialize type="xml"/>
>>>    </map:match>
>>>Here's my handler declaration:
>>><!-- Authenticates site administrators. -->
>>><handler name="adminAuthHandler">
>>>  <redirect-to uri="cocoon:/getAdminLoginPage"/>
>>>  <authentication uri="cocoon:/raw:/authenticateAdmin"/>
>>>So I try to do 'request.getParameter("userName")' and 
>>>'request.getParameter("password")' in my XSP (i.e. my auth resource), but 
>>>authFailed.html is **always** shown, whether or not the user 
>>>name/password combination is valid.
>>>I also still don't quite understand why the 'raw:/' subprotocol needs to 
>>>be used in the <authentication> tag in the handler.  It is that way in 
>>>the docs, but I tried both with and without it, and the auth fails no 
>>>matter what.
>>>I'd appreciate any hints. :-)
>>>MSN 8: Get 6 months for $9.95/month. 
>>>To unsubscribe, e-mail:
>>>For additional commands, e-mail:
>>To unsubscribe, e-mail:
>>For additional commands, e-mail:
>MSN 8: Get 6 months for $9.95/month.
>To unsubscribe, e-mail:
>For additional commands, e-mail:

Get MSN 8 and help protect your children with advanced parental controls.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message