cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From beyaNet Consultancy <>
Subject Re: Actions, pipelines, javabeans...
Date Mon, 19 Jan 2004 18:08:56 GMT
I hear what you are saying and have already implemented the following 

			<map:match pattern="login">
				<map:act type="validator">
				<map:parameter name="descriptor" 
				<map:parameter name="validate-set" value="login" />
					<map:act type="authenticator">
					<!-- Ok, login details are being checked. If they exist we get 
logged into system -->
						<map:parameter name="descriptor" 
						<map:redirect-to uri="support/home"/>
				<!-- if not we get redirected back to the login page -->
				<map:redirect-to uri="login.html" />
			<map:match type="sessionstate" pattern="*">
				<map:parameter name="attribute-name" value="pass" />
				<map:parameter name="attribute-name" value="user" />

				<!-- protected pipelines go here -->
				<map:match pattern="support/home">
                  ........ pipelines here .............


	<table name="usertbl">
		<select dbcol="username" request-param="user" to-session="user" />
		<select dbcol="userpassword" request-param="pass" 
to-session="password" />

But I want to be able to maintain a consistent relationship between 
object parameters and the database. I suppose the user details example 
is wrong as an example, think more in terms of a shopping cart. My 
objective is to enable users to purchase items from the site. How would 
I be able to update the session variables and write them to a database, 
ala EJb, with the method you describe? I have come across hibernate 
which maintains a persistent relationship between object information 
and what is held in the database, and am investigating that route at 
the moment.. what do you think?

On 19 Jan 2004, at 17:28, Morley Howell wrote:

> Andrew,
> I still believe that you are making this far more complex than it 
> needs to
> be!
> Instead of writing your own Action, use the authentication framework 
> that
> comes with Cocoon. It has an action called 'auth-protect' that does
> everything you need it to do. It verifies that the user is logged in. 
> If the
> user is not logged in, it redirects them to a login page that you 
> configure.
> If they are logged in, it makes any information about that user 
> available in
> the session in a way that's easy to use in Cocoon. You don't have to 
> write
> your own Action, you don't have to write a JavaBean, you don't have to 
> worry
> about maintaining the user information in the session - it does all of 
> that
> for you!!!
> To protect a resource, you would use it in your pipeline something like
> this:
> <map:match pattern="some-protected-resource">
>   <map:act type="auth-protect">
>     <map:parameter name="handler" value="my-handler"/>
>     ... whatever stuff you want here ...
>   </map:act>
> </map:match>
> You configure the authentication framework with a handler called
> 'my-handler'. You can configure it with a URL to redirect to if the 
> user is
> not logged in. You also configure it to get its authentication 
> information
> from an internal pipeline. This other pipeline is where you access your
> database to verify the user's password and retrieve any other 
> information
> you want to maintain about the user. It might look something like this:
> <map:match pattern="authenticate">
>   <map:generate src="authenticate-query.xml"/>
>   <map:transform type="sql">
>     <map:parameter name="use-connection" value="my-connection"/>
>     <map:parameter name="username" value="{request-param:username}"/>
>     <map:parameter name="password" value="{request-param:password}"/>
>   </map:transform>
>   <map:transform type="xslt" 
> src="stylesheets/query-2-auth-result.xsl"/>
>   <map:serialize type="xml"/>
> </map:match>
> The XML returned from this pipeline has to follow a very simple format
> defined by the authentication framework. That format has a spot where 
> you
> can put whatever XML you want, including first name, last name, 
> address,
> shoe size, favourite colour, whatever. The XML returned from this
> authentication pipeline is then attached to the session and is 
> available
> back in your main pipeline. In other words, the section of your main
> pipeline after the auth-protect action could look like this:
>     <map:aggregate element="page">
>       <map:part element="user" src="cocoon:/get-auth-context"/>
>       <map:part element="content" src="main.xml"/>
>     </map:aggregate>
>     <map:transform type="xslt"
> src="stylesheets/combine-user-and-content.xsl"/>
> You should probably use cinclude instead of the aggregation, but this 
> is
> clearer as an example.
> So again, I would recommend using the components built in to Cocoon,
> including the authentication framework and the SQL transformer. I urge 
> you
> to check out these URLs:
> You should not have to code a SINGLE LINE of Java.
> Morley
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message