[EMAIL PROTECTED] wrote: > Also, the requirement of documentation on the MMBase website has not > been met.
There is no (easy accesible) facility for documenting hacks/proposals on the site yet, so I feel we should be a bit leanient in this regard, until the bugtracker works and a hack documentation feature is implemented (you are welcome to do so, I myself am a bit short on time). Also, sinse this regards taglib documentation, the documentation will be present in the taglib tld field (and thus, on mmbase.org) but obviously this can only be placed there when the hack is approved. I think the following documentation will suffice: *** Attribute loginpage (add to tld): You can use the loginpage attribute to specify the (relative) path to a security login page. i.e.: <mm:cloud name="mmbase" loginpage="login.jsp"> ... </mm:cloud> The attribute has effect whenever someone who is not already logged on to the cloud requests the page containing the cloud tag. In that case, the tag checks whether the page has been called with a predefined set of parameters. If the page was called with the 'command' parameter set to 'login', the tag assumes a request is being made to log on using those parameter, in teh same way as if thos eparameters had been specified as cloud tag attributes. The following parameters are recognized: command: always 'login' cloud: similar to the 'name' attribute (optional) method: similar to the 'authenticate' attribute (optional) username: similar to the 'logon' attribute password: similar to the 'pwd' attribute If login succeeds, the page continues and displays normally. If the login fails, or if no 'command=login' attribute was specified, the request is redirected to the page specified in the attribute. This 'login apge' can then take care of authentication, i.e. by displaying a form that allows the user to enter and submit the appropriate parameters (username/password) back to the originally called page. The page may also implement its own method of authentication. The 'command=login' parameter has no effect when the loginpage attribute was not specified. *** My personal vote is ABSTAIN. Motivation: The parameter names may be confusing with regards to the cloud tag attributes that mean something different, so I would suggest to use different parameters: name, authenticate, login, and pwd. Please note that casting a VETO without sufficient motivation is a violation of the committor rules. It is hard to judge what is 'sufficient', but badly written (though present) documentation is borderline IMO. A NAY is quite effective in those cases. -- Pierre van Rooden Mediapark, C 107 tel. +31 (0)35 6772815 "All your MMBase are belong to us"
