cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sonny Sukumar" <>
Subject Re: 1 more auth question..
Date Sun, 24 Aug 2003 00:27:58 GMT

Hi Andrew,

Thanks for that tip.  But there seems to be something else going on as 

If the login succeeds, the correct static html file is shown (see the the 
sitemap snippet I gave before--below), but if it fails then I end up being 
redirected to the "redirect-to" page defined for the auth handler.  I 
thought that if the auth-login fails, then it would just read whatever comes 
after the action (another static html file, for testing at least).

To add to the strangeness, the redirected to page (a login page I generate) 
shows the originally requested URI  (I embed the originally requested URI in 
the generated login page) as getting the userName and password each 
**twice**.  Here's what it says is the originally requested URI:


The Cocoon documentation doesn't say anything to explain this behavior, but 
then again it wasn't very clear about the other things either.

Do you have any ideas on this?

Thanks again,


>From: Andrew Timberlake <>
>Subject: Re: 1 more auth question..
>Date: Sat, 23 Aug 2003 15:34:57 +0200
>Look at this snippet:
><map:parameter name="parameter_userName"
>  value="{request-param:userName}"/>
><map:parameter name="parameter_password"
>  value="{request-param:password}"/>
>Here you are passing two parameters to the auth action named 
>parameter_userName and parameter_password. The values of each of these 
>parameters is coming directly from the request parameters via the 
>request-param input module.
>If you look at the source for the auth-login action 
>(org.apache.cocoon.webapps.authentication.acting.LoginAction) on lines 
>104-107 the action is taking all parameters beginning with "parameter_" and 
>passing them as parameters to the authentication resource.
>ie. if you set the above parameters for the auth-login action, they will be 
>passed to your XSP as two parameters: userName and password (dropped the 
>"parameter_" bit.
>Therefore your XSP code should be similar to the following:
>String userName = parameters.getParameter("userName");
>String password = parameters.getParameter("password");
>Hope this helps
>Sonny Sukumar wrote:
>>Hi all,
>>I'm not clear on how the authentication resource gets parameters that are 
>>passed to it from <auth-login>.  My auth resource is an XSP, and I try to 
>>fetch them as request params.  However, I'm not sure if that's correct 
>>because I've verified that my auth resource produces output matching the 
>><authentication>...</authentication> scheme it is supposed to when given

>>request params, but yet the <auth-login> always seems to fail.
>>Here's my sitemap snippet:
>>    <!-- Try to log in an admin. -->
>>    <map:match pattern="adminLogin">
>>        <map:act type="auth-login">
>>          <map:parameter name="handler" value="adminAuthHandler"/>
>>          <map:parameter name="parameter_userName" 
>>          <map:parameter name="parameter_password" 
>>          <!-- Really should be a redirect here, but this is for 
>>simplicity of illustration.-->
>>          <map:read src="myapp/authSuccessful.html"/>
>>        </map:act>
>>        <!-- Authentication failed -->
>>        <map:read src="myapp/authFailed.html"/>
>>    </map:match>
>>    <!-- Auth resource -->
>>    <map:match pattern="authenticateAdmin">
>>        <map:generate src="redpouch/xml/authenticateAdmin.xsp" 
>>        <map:serialize type="xml"/>
>>    </map:match>
>>Here's my handler declaration:
>><!-- Authenticates site administrators. -->
>><handler name="adminAuthHandler">
>>  <redirect-to uri="cocoon:/getAdminLoginPage"/>
>>  <authentication uri="cocoon:/raw:/authenticateAdmin"/>
>>So I try to do 'request.getParameter("userName")' and 
>>'request.getParameter("password")' in my XSP (i.e. my auth resource), but 
>>authFailed.html is **always** shown, whether or not the user name/password 
>>combination is valid.
>>I also still don't quite understand why the 'raw:/' subprotocol needs to 
>>be used in the <authentication> tag in the handler.  It is that way in the 
>>docs, but I tried both with and without it, and the auth fails no matter 
>>I'd appreciate any hints. :-)
>>MSN 8: Get 6 months for $9.95/month.
>>To unsubscribe, e-mail:
>>For additional commands, e-mail:
>To unsubscribe, e-mail:
>For additional commands, e-mail:

MSN 8: Get 6 months for $9.95/month.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message