mman 01/08/25 05:43:08
Modified: src/org/apache/cocoon/acting
DatabaseAuthenticatorAction.java
Log:
Fixed bug which caused WHERE clause to be omitted always and not only for "nullable"
parameters
Revision Changes Path
1.12 +14 -8
xml-cocoon2/src/org/apache/cocoon/acting/DatabaseAuthenticatorAction.java
Index: DatabaseAuthenticatorAction.java
===================================================================
RCS file:
/home/cvs/xml-cocoon2/src/org/apache/cocoon/acting/DatabaseAuthenticatorAction.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- DatabaseAuthenticatorAction.java 2001/08/22 12:03:32 1.11
+++ DatabaseAuthenticatorAction.java 2001/08/25 12:43:08 1.12
@@ -1,4 +1,4 @@
-// $Id: DatabaseAuthenticatorAction.java,v 1.11 2001/08/22 12:03:32 sylvain Exp $
+// $Id: DatabaseAuthenticatorAction.java,v 1.12 2001/08/25 12:43:08 mman Exp $
package org.apache.cocoon.acting;
import org.apache.avalon.excalibur.datasource.DataSourceComponent;
@@ -29,16 +29,19 @@
* <table name="users_table>
* <select dbcol="username" request-param="username"
* to-session="username"/>
- * <select dbcol="password" request-param="password"/>
+ * <select dbcol="password" request-param="password"
+ * nullable="yes"/>
* <select dbcol="role" to-session="role" type="string"/>
* <select dbcol="skin" to-session="skin" type="string"/>
* </table>
* </root>
* </pre>
* The values specified via "request-param" describe the name of HTTP request
- * parameter, "dbcol" indicates matching database column and finally
+ * parameter, "dbcol" indicates matching database column, "nullable" means
+ * that request-param which is null or empty will not be included in the WHERE
+ * clause. This way you can enable accounts with empty passwords, etc.
* "to-session" attribute indicates under which name the value obtained from
- * database should stored in the session. Of course new session is created
+ * database should be stored in the session. Of course new session is created
* when authorization is successfull. The "type" attribute can be either
* string, long or double and alters the type of object stored in session.
* Additionally all parameters that are
@@ -51,7 +54,7 @@
* not verified.
*
* @author Martin Man <[EMAIL PROTECTED]>
- * @version CVS $Revision: 1.11 $ $Date: 2001/08/22 12:03:32 $
+ * @version CVS $Revision: 1.12 $ $Date: 2001/08/25 12:43:08 $
*/
public class DatabaseAuthenticatorAction extends AbstractDatabaseAction implements
ThreadSafe
{
@@ -173,13 +176,16 @@
request_param.trim().equals ("")) {
continue;
}
+ } catch (Exception e) {
+ continue;
+ }
+ try {
nullstr = select[i].getAttribute ("nullable");
if (nullstr != null) nullstr = nullstr.trim ();
if ("yes".equals (nullstr) || "true".equals (nullstr)) {
nullable = true;
}
- } catch (Exception e) {
- continue;
+ } catch (Exception e1) {
}
/* if there is a request parameter name,
* but not the value, we exit immediately do
@@ -262,5 +268,5 @@
}
}
-// $Id: DatabaseAuthenticatorAction.java,v 1.11 2001/08/22 12:03:32 sylvain Exp $
+// $Id: DatabaseAuthenticatorAction.java,v 1.12 2001/08/25 12:43:08 mman Exp $
// vim: set et ts=4 sw=4:
----------------------------------------------------------------------
In case of troubles, e-mail: [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
