cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From beyaNet Consultancy <beya...@ntlworld.com>
Subject Re: Actions, pipelines, javabeans...
Date Mon, 19 Jan 2004 18:08:56 GMT
Morley,
I hear what you are saying and have already implemented the following 
pipeline:

			<map:match pattern="login">
				<map:act type="validator">
				<map:parameter name="descriptor" 
value="context://beyarecords/content/def/form_validation-def.xml"/>
				<map:parameter name="validate-set" value="login" />
					<map:act type="authenticator">
					<!-- Ok, login details are being checked. If they exist we get 
logged into system -->
						<map:parameter name="descriptor" 
value="context://beyarecords/content/def/login-def.xml"/>
						<map:redirect-to uri="support/home"/>
					</map:act>	
				</map:act>
				
				<!-- if not we get redirected back to the login page -->
				<map:redirect-to uri="login.html" />
			</map:match>
			
			<map:match type="sessionstate" pattern="*">
				<map:parameter name="attribute-name" value="pass" />
				<map:parameter name="attribute-name" value="user" />

				
				<!-- protected pipelines go here -->
				<map:match pattern="support/home">
                  ........ pipelines here .............

login-def.xml

<auth-descriptor>
	<connection>postgresql</connection>
	<table name="usertbl">
		<select dbcol="username" request-param="user" to-session="user" />
		<select dbcol="userpassword" request-param="pass" 
to-session="password" />
	</table>
</auth-descriptor>

But I want to be able to maintain a consistent relationship between 
object parameters and the database. I suppose the user details example 
is wrong as an example, think more in terms of a shopping cart. My 
objective is to enable users to purchase items from the site. How would 
I be able to update the session variables and write them to a database, 
ala EJb, with the method you describe? I have come across hibernate 
which maintains a persistent relationship between object information 
and what is held in the database, and am investigating that route at 
the moment.. what do you think?

Andrew
On 19 Jan 2004, at 17:28, Morley Howell wrote:

> Andrew,
>
> I still believe that you are making this far more complex than it 
> needs to
> be!
>
> Instead of writing your own Action, use the authentication framework 
> that
> comes with Cocoon. It has an action called 'auth-protect' that does
> everything you need it to do. It verifies that the user is logged in. 
> If the
> user is not logged in, it redirects them to a login page that you 
> configure.
> If they are logged in, it makes any information about that user 
> available in
> the session in a way that's easy to use in Cocoon. You don't have to 
> write
> your own Action, you don't have to write a JavaBean, you don't have to 
> worry
> about maintaining the user information in the session - it does all of 
> that
> for you!!!
>
> To protect a resource, you would use it in your pipeline something like
> this:
>
> <map:match pattern="some-protected-resource">
>   <map:act type="auth-protect">
>     <map:parameter name="handler" value="my-handler"/>
>     ... whatever stuff you want here ...
>   </map:act>
> </map:match>
>
> You configure the authentication framework with a handler called
> 'my-handler'. You can configure it with a URL to redirect to if the 
> user is
> not logged in. You also configure it to get its authentication 
> information
> from an internal pipeline. This other pipeline is where you access your
> database to verify the user's password and retrieve any other 
> information
> you want to maintain about the user. It might look something like this:
>
> <map:match pattern="authenticate">
>   <map:generate src="authenticate-query.xml"/>
>   <map:transform type="sql">
>     <map:parameter name="use-connection" value="my-connection"/>
>     <map:parameter name="username" value="{request-param:username}"/>
>     <map:parameter name="password" value="{request-param:password}"/>
>   </map:transform>
>   <map:transform type="xslt" 
> src="stylesheets/query-2-auth-result.xsl"/>
>   <map:serialize type="xml"/>
> </map:match>
>
> The XML returned from this pipeline has to follow a very simple format
> defined by the authentication framework. That format has a spot where 
> you
> can put whatever XML you want, including first name, last name, 
> address,
> shoe size, favourite colour, whatever. The XML returned from this
> authentication pipeline is then attached to the session and is 
> available
> back in your main pipeline. In other words, the section of your main
> pipeline after the auth-protect action could look like this:
>
>
>     <map:aggregate element="page">
>       <map:part element="user" src="cocoon:/get-auth-context"/>
>       <map:part element="content" src="main.xml"/>
>     </map:aggregate>
>     <map:transform type="xslt"
> src="stylesheets/combine-user-and-content.xsl"/>
>
> You should probably use cinclude instead of the aggregation, but this 
> is
> clearer as an example.
>
> So again, I would recommend using the components built in to Cocoon,
> including the authentication framework and the SQL transformer. I urge 
> you
> to check out these URLs:
>
> http://cocoon.apache.org/2.1/userdocs/transformers/sql-transformer.html
> http://cocoon.apache.org/2.1/developing/webapps/authentication.html
>
> You should not have to code a SINGLE LINE of Java.
>
> Morley
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
>

Mime
View raw message