Update: I was mistake before when I said that if the login suceeds, the correct html file is shown. It's not. Rather, in both cases I'm redirected to the pipeline defined in the authentication handler.
To reiterate, this confuses me because I thought no such redirect should ever occur with auth-login, but rather only with auth-protect. Again, take a look at the sitemap snippet from my original post (below here).
Any insights would be great,
Sonny
From: "Sonny Sukumar" <[EMAIL PROTECTED]>
Hi Andrew,
Thanks for that tip. But there seems to be something else going on as well....
If the login succeeds, the correct static html file is shown (see the the sitemap snippet I gave before--below), but if it fails then I end up being redirected to the "redirect-to" page defined for the auth handler. I thought that if the auth-login fails, then it would just read whatever comes after the action (another static html file, for testing at least).
To add to the strangeness, the redirected to page (a login page I generate) shows the originally requested URI (I embed the originally requested URI in the generated login page) as getting the userName and password each **twice**. Here's what it says is the originally requested URI:
/adminLogin?password=test_pwd&userName=test_user&userName=test_user&password=test_pwd
The Cocoon documentation doesn't say anything to explain this behavior, but then again it wasn't very clear about the other things either.
Do you have any ideas on this?
Thanks again,
Sonny
From: Andrew Timberlake <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: 1 more auth question.. Date: Sat, 23 Aug 2003 15:34:57 +0200
Sonny
Look at this snippet:
<map:parameter name="parameter_userName"
value="{request-param:userName}"/>
<map:parameter name="parameter_password"
value="{request-param:password}"/>
Here you are passing two parameters to the auth action named parameter_userName and parameter_password. The values of each of these parameters is coming directly from the request parameters via the request-param input module.
If you look at the source for the auth-login action (org.apache.cocoon.webapps.authentication.acting.LoginAction) on lines 104-107 the action is taking all parameters beginning with "parameter_" and passing them as parameters to the authentication resource.
ie. if you set the above parameters for the auth-login action, they will be passed to your XSP as two parameters: userName and password (dropped the "parameter_" bit.
Therefore your XSP code should be similar to the following:
...
String userName = parameters.getParameter("userName");
String password = parameters.getParameter("password");
...
Hope this helps
Andrew
Sonny Sukumar wrote:
Hi all,
I'm not clear on how the authentication resource gets parameters that are passed to it from <auth-login>. My auth resource is an XSP, and I try to fetch them as request params. However, I'm not sure if that's correct because I've verified that my auth resource produces output matching the <authentication>...</authentication> scheme it is supposed to when given request params, but yet the <auth-login> always seems to fail.
Here's my sitemap snippet:
<!-- Try to log in an admin. -->
<map:match pattern="adminLogin">
<map:act type="auth-login">
<map:parameter name="handler" value="adminAuthHandler"/>
<map:parameter name="parameter_userName" value="{request-param:userName}"/>
<map:parameter name="parameter_password" value="{request-param:password}"/>
<!-- Really should be a redirect here, but this is for simplicity of illustration.-->
<map:read src="myapp/authSuccessful.html"/>
</map:act>
<!-- Authentication failed --> <map:read src="myapp/authFailed.html"/> </map:match>
<!-- Auth resource -->
<map:match pattern="authenticateAdmin">
<map:generate src="redpouch/xml/authenticateAdmin.xsp" type="serverpages"/>
<map:serialize type="xml"/>
</map:match>
Here's my handler declaration:
<!-- Authenticates site administrators. --> <handler name="adminAuthHandler"> <redirect-to uri="cocoon:/getAdminLoginPage"/> <authentication uri="cocoon:/raw:/authenticateAdmin"/> </handler>
So I try to do 'request.getParameter("userName")' and 'request.getParameter("password")' in my XSP (i.e. my auth resource), but authFailed.html is **always** shown, whether or not the user name/password combination is valid.
I also still don't quite understand why the 'raw:/' subprotocol needs to be used in the <authentication> tag in the handler. It is that way in the docs, but I tried both with and without it, and the auth fails no matter what.
I'd appreciate any hints. :-)
Sonny
_________________________________________________________________
MSN 8: Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________ MSN 8: Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________
Get MSN 8 and help protect your children with advanced parental controls. http://join.msn.com/?page=features/parental
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
