Hi Morley, thanks for your replay, i got it.
i was misteking many things in the XSP code. now it works and i can authenticate the user against the DB table as i hoped. making more tests, i tried to point directly a page in the protected area without authenticate myself, where i thought i'd be redirected to the login page ; instead i get an exception java.lang.ArrayIndexOutOfBoundsException. have you any suggestion ? below are the stack trace and the new sitemap. thanks a lot Flavio java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.mortbay.util.ByteBufferOutputStream.prewrite(ByteBufferOutputStream.java:219) at org.mortbay.http.BufferedOutputStream.flush(BufferedOutputStream.java:187) at org.mortbay.http.ChunkingOutputStream.flush(ChunkingOutputStream.java:69) at org.mortbay.http.HttpOutputStream.flush(HttpOutputStream.java:482) at org.mortbay.http.HttpResponse.commit(HttpResponse.java:501) at org.mortbay.http.HttpResponse.sendRedirect(HttpResponse.java:463) at org.mortbay.jetty.servlet.ServletHttpResponse.sendRedirect(ServletHttpResponse.java:432) at org.apache.cocoon.environment.http.HttpResponse.sendRedirect(HttpResponse.java:132) at org.apache.cocoon.environment.http.HttpEnvironment.doRedirect(HttpEnvironment.java:192) at org.apache.cocoon.environment.http.HttpEnvironment.redirect(HttpEnvironment.java:131) at org.apache.cocoon.environment.ForwardRedirector.globalRedirect(ForwardRedirector.java:131) at org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.checkAuthentication(DefaultAuthenticationManager.java:373) at org.apache.cocoon.webapps.authentication.acting.AuthAction.act(AuthAction.java:102) at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:152) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:84) at org.apache.cocoon.components.treeprocessor.sitemap.PreparableMatchNode.invoke(PreparableMatchNode.java:164) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:108) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:163) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:108) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:152) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:354) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:307) at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:133) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:84) at org.apache.cocoon.components.treeprocessor.sitemap.PreparableMatchNode.invoke(PreparableMatchNode.java:164) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:108) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:163) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:108) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:152) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:354) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:307) at org.apache.cocoon.Cocoon.process(Cocoon.java:656) at org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:1112) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:360) at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:294) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:558) at org.mortbay.http.HttpContext.handle(HttpContext.java:1714) at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:507) at org.mortbay.http.HttpContext.handle(HttpContext.java:1664) at org.mortbay.http.HttpServer.service(HttpServer.java:863) at org.mortbay.http.HttpConnection.service(HttpConnection.java:775) at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:939) at org.mortbay.http.HttpConnection.handle(HttpConnection.java:792) at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:201) at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:289) at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:455) SITEMAP --------------------------------------------------------------- <map:pipelines> <map:component-configurations> <authentication-manager> <handlers> <handler name="protArea"> <redirect-to uri="cocoon:/login"/> <authentication uri="cocoon:raw:/authenticate"/> </handler> </handlers> </authentication-manager> </map:component-configurations> <map:pipeline> <map:match pattern=""> <map:redirect-to uri="login"/> </map:match> <!-- <map:match pattern="authenticate"> <map:generate type="serverpages" src="docs/autenticaLogin.xsp"/> <map:parameter name="use-request-parameters" value="true"/> <map:transform src="stylesheets/autentica.xsl"/> <map:serialize type="xml"/> </map:match> --> <!-- ================= --> <!-- Simple login page --> <!-- ================= --> <map:match pattern="login"> <!-- if we are already logged in, redirect to the protected document --> <map:act type="auth-loggedIn"> <map:parameter name="handler" value="protArea"/> <map:redirect-to uri="protected/home"/> </map:act> <map:generate src="docs/login.xml"/> <map:transform src="stylesheets/simple-page2html.xsl"/> <map:transform type="encodeURL"/> <map:serialize/> </map:match> <!-- ========================================= --> <!-- Form target which performs auth service --> <!-- ========================================= --> <map:match pattern="do-login"> <!-- try to login --> <map:act type="auth-login"> <map:parameter name="handler" value="protArea"/> <map:parameter name="parameter_name" value="{request-param:username}"/> <map:redirect-to uri="protected/home"/> </map:act> <!-- something was wrong, try it again --> <map:redirect-to uri="login"/> </map:match> <!-- ================ --> <!-- Protected area --> <!-- ================ --> <map:match pattern="protected/**"> <map:act type="auth-protect"> <map:parameter name="handler" value="protArea"/> <map:match pattern="protected/home"> <map:generate src="docs/home.xml"/> <map:transform type="session"/> <map:transform src="stylesheets/apache.xsl"/> <map:transform type="encodeURL"/> <map:serialize/> </map:match> <map:match pattern="protected/*-operaz.html"> <map:act set="process"> <map:parameter name="descriptor" value="context://riskIdem/docs/operaz-form.xml"/> <map:generate type="serverpages" src="docs/conferma-operaz.xsp"/> <map:transform src="stylesheets/apache.xsl"/> <map:serialize/> </map:act> <map:generate type="serverpages" src="docs/{1}-operaz.xsp"/> <map:transform src="stylesheets/apache.xsl"/> <map:serialize/> </map:match> <map:match pattern="protected/*-openp.html"> <map:generate type="serverpages" src="docs/{1}-openp.xsp"/> <map:transform src="stylesheets/apache.xsl"/> <map:serialize/> </map:match> <map:match pattern="protected/Ricerca-*.html"> <map:generate type="serverpages" src="docs/Ricerca-{1}.xsp"/> <map:transform src="stylesheets/apache.xsl"/> <map:serialize/> </map:match> <map:match pattern="protected/images/**.gif"> <map:read src="resources/images/{1}.gif" mime-type="image/gif"/> </map:match> <map:match pattern="protected/images/**.jpg"> <map:read src="resources/images/{1}.jpg" mime-type="image/jpg"/> </map:match> <map:match pattern="protected/images/**.png"> <map:read src="resources/images/{1}.png" mime-type="image/png"/> </map:match> <map:match pattern="protected/resources/**.css"> <map:read src="resources/styles/{1}.css" mime-type="text/css"/> </map:match> <map:match pattern="protected/resources/**.js"> <map:read src="resources/styles/{1}.js" mime-type="application/x-javascript"/> </map:match> </map:act> <!-- something was wrong, redirect to login page --> <map:redirect-to uri="login"/> </map:match> <!-- ========================================= --> <!-- Logout link which invalidates the session --> <!-- ========================================= --> <map:match pattern="do-logout"> <map:act type="auth-protect"> <map:parameter name="handler" value="protArea"/> <map:act type="auth-logout"/> </map:act> <map:redirect-to uri="login"/> </map:match> </map:pipeline> <map:pipeline internal-only="true"> <map:match pattern="authenticate"> <map:generate type="serverpages" src="docs/autenticaLogin.xsp"/> <map:parameter name="use-request-parameters" value="true"/> <map:transform src="stylesheets/autentica.xsl"/> <map:serialize type="xml"/> </map:match> <!-- <map:handle-errors> <map:transform src="stylesheets/system/error2document.xsl"/> <map:transform src="stylesheets/apache.xsl"/> <map:serialize status-code="500"/> </map:handle-errors> --> </map:pipeline> <!-- <map:match pattern="authenticate"> <map:generate src="docs/userlist.xml"/> <map:transform src="stylesheets/authenticate.xsl"> <map:parameter name="use-request-parameters" value="true"/> </map:transform> <map:serialize type="xml"/> --> </map:pipelines> </map:sitemap> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]