cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Guillard <pguill...@soociety.com>
Subject Re: cocoon authentication and database access
Date Fri, 06 Feb 2004 09:08:22 GMT
Many thanks JD & Flavio,

Actually i've been on this for 2 days! 

I tried all combinations in the esql :
<esql:parameter><xsp-request:get-parameter
name="name"/></esql:parameter>

and

<xsp-request:get-parameter name="name"/>

and i removed the xsl transformation that i added before.

The point is that my DB doesn't receive the request, but is connected
(the access in DB is made if i hard code a real login like this "where
email='toto'").

My inputs are named name and password cause i use the original login
page.Should i?

So i definitly think i don't pass the paramter name to the generator in
the sitemap :

     <map:generate src="esql.xsp" type="serverpages">
             <map:parameter name="use-request-parameters" value="true"/>
     </map:generate>
     <map:serialize type="xml"/>


I used original auth-fw components, since i work on the Portal samples
of  2.1.3 and 2.1 cvs without changes.

(In 2.1.4 sample my work interferes maybe with anonymous authentication
since the portal now shows a part without login and i have a popup alert
like this when i launch the portal : " Redirection limit for this URL
exceeded. Unable to load the requested page.This maybe caused by cookies
that are blocked"). 

Thanks for help!

Phil






On Fri, 2004-02-06 at 16:33, JD Daniels wrote:
> I would not try to pass the xsp through an xsl transformation.. it is 
> not needed. just serialize the xsp as xml...
> 
> <xsp:page>
> <authentication>
> <!-- esql here -->
> <authentication>
> 
> If you have no database results, the empty <authentication> is all thats 
> needed to fail a login attempt.
> 
> That said, I use woody and flow, but here is the relevant snippet:
> 
>              <map:match pattern="doLogin.xml">
>                  <map:act type="auth-loggedIn">
>                    <map:parameter name="handler" value="userhandler"/>
>                    <map:redirect-to uri="loggedin.xml"/>
>                  </map:act>
>                  <map:act type="auth-login">
>                      <map:parameter name="handler" value="userhandler"/>
>                      <map:parameter name="username" 
> value="{request:username}"/>
>                      <map:parameter name="password" 
> value="{request:password}"/>
>                      <map:redirect-to uri="{request:contextPath}"/>
>                  </map:act>
>                  <map:generate src="xml/LoginFailed.xml"/>
>                  <map:transform src="xsl/basic2document.xsl"/>
>                  <map:serialize/>
>              </map:match>
> 
> This assumes your form inputs are named username and password.
> 
> Also, I notice you are using the sunrise components. I do not how many 
> changes have been made, but this may be a factor. I use the auth-fw 
> components from the current 2.1 cvs head.
> 
> JD
> 
> Philippe Guillard wrote:
> > JD and Flavio,
> > 
> > I found interesting these lines you sent to generate a user XML file for
> > the auth-handler.I tested XSP generation in a separate sample to
> > guaranty i have the right result needed by the auth handler (i suggest
> > Flavio to do this cause i think your code doesn't render exactly this) :
> > 
> > <authentication>
> >     <ID>any_value</ID>
> >     <role>guest</role>
> >     <data></data>
> > </authentication>
> > 
> > But i still have a big problem : i'm still really bad with parameters
> > and the data entered in the login is not passed to my XSP/ESQL. Can you
> > tell me how you wrote your sitemap or tell me what is wrong in mine ?
> > 
> > May Tanks !
> > 
> > Phil
> > 
> > 
> > -----------------------------------------------------
> > 
> > This is mine, the sunrise part :
> > 
> >   <map:pipeline internal-only="true">
> >      <map:match pattern="sunrise-authuser">
> >  
> > <!-- ====== ORIGINAL PIPE from 2.1.3 same in 2.1.4-dev====== -->
> >        <!--  <map:generate src="esql.xsp" type="serverpages">
> >              <map:parameter name="use-request-parameters" value="true"/>
> >              <map:parameter name="parameter_name"
> > value="{request-param:name}"/> 
> >         </map:generate>
> >         <map:transform src="sql2html.xsl">
> >              <map:parameter name="use-request-parameters" value="true"/>
> >              <map:parameter name="servletPath"
> > value="{request:servletPath}"/>
> >              <map:parameter name="sitemapURI"
> > value="{request:sitemapURI}"/>
> >              <map:parameter name="contextPath"
> > value="{request:contextPath}"/>
> >              <map:parameter name="file" value=".xsp"/>
> >         </map:transform>
> >        <map:serialize type="xml"/> -->
> > <!-- ========== PIPE MODIFIED========= -->
> >         <map:generate src="esql.xsp" type="serverpages">
> >              <map:parameter name="use-request-parameters" value="true"/>
> >         </map:generate>
> >         <map:transform src="sql2html.xsl">
> >              <map:parameter name="use-request-parameters" value="true"/>
> >              <map:parameter name="servletPath"
> > value="{request:servletPath}"/>
> >              <map:parameter name="sitemapURI"
> > value="{request:sitemapURI}"/>
> >              <map:parameter name="contextPath"
> > value="{request:contextPath}"/>
> >              <map:parameter name="file" value=".xsp"/>
> >         </map:transform>
> >         <map:serialize type="xml"/>
> > 
> >      </map:match>
> > 
> > 
> > And this is my XSP esql.xsp  :
> > ---------------------------
> > 
> > <?xml version="1.0" encoding="ISO-8859-1"?>
> > 
> > <!-- CVS: $Id: esql.xsp,v 1.3 2003/04/17 20:47:30 haul Exp $ -->
> > 
> > <xsp:page language="java"
> >           xmlns:xsp="http://apache.org/xsp"
> >           xmlns:esql="http://apache.org/cocoon/SQL/v2">
> >            xmlns:xsp-request="http://apache.org/xsp/request/2.0"
> >            xmlns:util="http://apache.org/xsp/util/2.0"
> >     >
> > <authentication>
> >    <esql:connection>
> > 
> >      <esql:pool>goother</esql:pool>
> >        <esql:execute-query>
> >          <esql:query>select id,email from member where
> > email=<xsp-request:get-parameter name="name"/></esql:query>
> >          <esql:results>
> >               <esql:row-results>
> >                  <ID><esql:get-int column="id"/></ID>
> >                  <role>guest</role>
> > 	         <data></data>
> >               </esql:row-results>
> >           </esql:results>
> >           <esql:no-results>
> >           </esql:no-results>
> >        </esql:execute-query>
> > 
> >    </esql:connection>
> > </authentication>
> > </xsp:page>
> > 
> > and this is my sql2html.xsl
> > -----------------------------
> > 
> > <?xml version="1.0"?>
> > 
> > <xsl:stylesheet version="1.0"
> > xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
> >                            
> > xmlns:sql="http://apache.org/cocoon/SQL/2.0">
> >   <xsl:template match="authentication">
> >      <authentication><xsl:apply-templates/></authentication>
> >   </xsl:template>
> >   <xsl:template match="ID">
> >      <ID><xsl:apply-templates/></ID>
> >   </xsl:template>
> >   <xsl:template match="role">
> >      <role><xsl:apply-templates/></role>
> >   </xsl:template>
> >   <xsl:template match="data">
> >      <data><xsl:apply-templates/></data>
> >   </xsl:template>
> > </xsl:stylesheet>
> > 
> > 
> > On Wed, 2004-02-04 at 06:22, JD Daniels wrote:
> > 
> >>I believe the list frowns upon attachments :-)
> >>
> >>It doesn't matter what you use to generate your user xml. As long as it has
> >>the required <authentication> and <ID> elements, the auth-fw can
use it. The
> >>sample uses xsl transformations, and i use a simple xsp with esql.
> >>This makes a bunch of assumptions... ie i have a table for users, and a
> >>table for roles. you need a connection pool set up in cocoon.xconf, and you
> >>have some method of adding users and roles to your database. The write
> >>source at the end is just how i log people logging in.
> >>
> >><?xml version="1.0"?>
> >><xsp:page language="java"
> >>    xmlns:xsp="http://apache.org/xsp"
> >>    xmlns:esql="http://apache.org/cocoon/SQL/v2"
> >>    xmlns:xsp-request="http://apache.org/xsp/request/2.0"
> >>    xmlns:xsp-session="http://apache.org/xsp/session/2.0"
> >>create-session="true"
> >>    xmlns:source="http://apache.org/cocoon/source/1.0"
> >>    xmlns:util="http://apache.org/xsp/util/2.0"
> >>    >
> >><authentication>
> >><esql:connection>
> >>    <esql:pool>dtmanager</esql:pool>
> >>    <esql:execute-query>
> >>        <esql:query>
> >>            SELECT
> >>            users.id,
> >>            users.firstName,
> >>            users.lastName,
> >>            users.emailAddress,
> >>            roles.id AS roleid,
> >>            roles.name AS role
> >>            FROM users
> >>            LEFT JOIN roles ON (users.role=roles.id)
> >>            WHERE
> >>            userName='<xsp-request:get-parameter name="username"/>'
> >>            AND
> >>            password='<xsp-request:get-parameter name="password"/>'
> >>            AND active='Yes'
> >>            LIMIT 1
> >>        </esql:query>
> >>        <esql:results>
> >>            <esql:row-results>
> >>                <ID><esql:get-int column="id"/></ID>
> >>                <role><esql:get-string column="role"/></role>
> >>                <data>
> >>                    <xsp-session:set-attribute
> >>name="userId"><esql:get-string column="id"/></xsp-session:set-attribute>
> >>                    <xsp-session:set-attribute
> >>name="userRole"><esql:get-string column="role"/></xsp-session:set-attribute>
> >>                    <xsp-session:set-attribute
> >>name="userFirstName"><esql:get-string
> >>column="firstName"/></xsp-session:set-attribute>
> >>                    <xsp-session:set-attribute
> >>name="userLastName"><esql:get-string
> >>column="lastName"/></xsp-session:set-attribute>
> >>                    <xsp-session:set-attribute
> >>name="userEmail"><esql:get-string
> >>column="emailAddress"/></xsp-session:set-attribute>
> >>                    <ID><esql:get-int column="id"/></ID>
> >>                    <role><esql:get-string column="role"/></role>
> >>                    <firstname><esql:get-string
> >>column="firstName"/></firstname>
> >>                    <lastname><esql:get-string
> >>column="lastName"/></lastname>
> >>                    <email><esql:get-string column="emailAddress"/></email>
> >>                </data>
> >>                <source:insert>
> >>
> >><source:source>context://module-files/auth/stats/<util:time
> >>format="yyyy/MM/dd"/>.xml</source:source>
> >>                    <source:path>/log</source:path>
> >>                    <source:fragment>
> >>                        <logon>
> >>                            <date><util:time format="yyyy/MM/dd"/></date>
> >>                            <time><util:time format="hh:mm:ss a"/></time>
> >>                            <user-agent><xsp-request:get-header
> >>name="user-agent"/></user-agent>
> >>
> >><remote-addr><xsp-request:get-remote-address/></remote-addr>
> >>
> >><remote-host><xsp-request:get-remote-host/></remote-host>
> >>                            <userFirstName><xsp-session:get-attribute
> >>name="userFirstName"/></userFirstName>
> >>                            <userLastName><xsp-session:get-attribute
> >>name="userLastName"/></userLastName>
> >>                        </logon>
> >>                    </source:fragment>
> >>                </source:insert><esql:error-results><b>Error
> >>Results</b></esql:error-results>
> >>            </esql:row-results>
> >>        </esql:results>
> >>        <esql:no-results>
> >>            <source:insert>
> >>                <source:source>context://module-files/auth/stats/<util:time
> >>format="yyyy/MM/dd"/>.xml</source:source>
> >>                <source:path>/log</source:path>
> >>                <source:fragment>
> >>                    <logonfail>
> >>                        <date><util:time format="yyyy/MM/dd"/></date>
> >>                        <time><util:time format="hh:mm:ss a"/></time>
> >>                        <user-agent><xsp-request:get-header
> >>name="user-agent"/></user-agent>
> >>
> >><remote-addr><xsp-request:get-remote-address/></remote-addr>
> >>
> >><remote-host><xsp-request:get-remote-host/></remote-host>
> >>                        <userFirstName><xsp-session:get-attribute
> >>name="userFirstName"/></userFirstName>
> >>                        <userName><xsp-request:get-parameter
> >>name="username"/></userName>
> >>                    </logonfail>
> >>                </source:fragment>
> >>            </source:insert>
> >>        </esql:no-results>
> >>    </esql:execute-query>
> >></esql:connection>
> >></authentication>
> >></xsp:page>
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: Flavio Palumbo [mailto:flavio.palumbo@fastwebnet.it]
> >>Sent: 2004-02-03 12:52 AM
> >>To: users@cocoon.apache.org
> >>Subject: RE: cocoon authentication and database access
> >>
> >>
> >>Hi JD,
> >>
> >>could you please send the same samples to me (or maybe to the list) ?
> >>
> >>I have just depeloped something like this founding some problems not
> >>completely
> >>solved ; i'd like to compare my code with yours.
> >>
> >>Thanks a lot
> >>
> >>Flavio
> >>
> >>
> >>
> >>I know exactly what you mean :-)
> >>
> >>I'll send you a sample xsp file off-list.
> >>
> >>JD
> >>-----Original Message-----
> >>From: Anna Bikkina [mailto:anna@pinksheets.com]
> >>Sent: 2004-02-02 9:34 AM
> >>To: users@cocoon.apache.org
> >>Subject: Re: cocoon authentication and database access
> >>
> >>
> >>Could you please send me a couple of examples. I am new to xml and related
> >>stuff. I am having a tough time getting things together.
> >>
> >>Thanks,
> >>Anna.
> >>
> >>
> >>On Monday 02 February 2004 01:08 pm, JD Daniels wrote:
> >>
> >>>I use a simple xsp with esql to load my users
> >>>
> >>>JD
> >>>
> >>>-----Original Message-----
> >>>From: Anna Bikkina [mailto:anna@pinksheets.com]
> >>>Sent: 2004-02-02 8:20 AM
> >>>To: users@cocoon.apache.org
> >>>Subject: cocoon authentication and database access
> >>>
> >>>
> >>>Hi,
> >>>
> >>>I am new to cocoon and trying to build a portal application. I already
> >>
> >>have
> >>
> >>>an
> >>>existing application written in JSP and ported in tomcat. How can I change
> >>>it
> >>>so that it works in cocoon. Are there any examples I can look into to
> >>
> >>get
> >>
> >>>this task done.
> >>>
> >>>Also I have do database authentication when user logs in. All cocoon
> >>>examples
> >>>show authentication with users in the xml file. Can anyone please direct
> >>
> >>me
> >>
> >>>how to access databases from cocoon during authetication and in other
> >>>places.
> >>>
> >>>
> >>>Thanks,
> >>>Anna.
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> >>For additional commands, e-mail: users-help@cocoon.apache.org
> >>
> >>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> >>For additional commands, e-mail: users-help@cocoon.apache.org
> >>
> >>
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> > For additional commands, e-mail: users-help@cocoon.apache.org
> > 
> > 
> > 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message