2009/3/27 michiel boerman <[email protected]>: > <mm:cloud name="mmbase"" authenticate="name/encodedpassword" > method="pagelogon" username="test" > encodedpassword="098f6bcd4621d373cade4e832627b4f6" > > > In other words doing a cloud pagelogon using an encoded password. The above > example does not work because encodedpassword is not a valid attribute of > cloud. > If I use the parameter password instead of encodedpassword I get this: > > The parameter 'java.lang.String password' is not defined (defined are > [java.lang.String username=test, java.lang.String encodedpassword=null, > java.util.List usernames=null, org.mmbase.security.Rank rank=null]) > > If I set method="loginpage" and and use a loginpage that provides a > encodedpassword field login does work so settings are ok.
It would perhaps be a bit folly to decorate the mm:cloud tag with all kind of attributes dedicated at all kind of imaginable security-implemntations. Why don' t you use the loginpage method then, if that works? If you only try to avoid having the plain text password in your jsp source, I'd recommend 'class' security in stead: <mm:cloud method="delegate" authenticate="class"> In config/security/classauthentication.xml you can then configure which user must be used for which classes. Without any need for passwords at all. Michiel -- mihxil' http://meeuw.org nl_NL eo_XX en_US _______________________________________________ Users mailing list [email protected] http://lists.mmbase.org/mailman/listinfo/users
