Eric-
I have a simple authentication running with MySQL.
The db-authenticator is missing from the pipeline given. form-validator is
only validating that the values in your form meet the constraints in
params.xml. db-authenticator will check the database table against what the
user typed in.
The corresponding pipeline in my sub-site is:
<map:match pattern="do-login">
  <!-- first validate whether submitted values are ok -->
  <map:act type="form-validator">
    <map:parameter name="descriptor"
                   value="context://wbs/descriptors/params.xml"/>
    <map:parameter name="validate" value="user_id"/>
    <!-- now try to log in -->
    <map:act type="db-authenticator">
      <map:parameter name="descriptor"
                     value="context://wbs/descriptors/auth.xml"/>
      <!-- now go to protected area -->
      <map:redirect-to uri="protected"/>
    </map:act>
  </map:act>
  <!-- something was wrong, try it again -->
  <map:redirect-to uri="login"/>
</map:match>
(Yes, it was shamelessly stolen from the example.)
The auth.xml I use looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<auth-descriptor>
  <connection>wbs</connection>
  <table name="tbl_users">
    <select dbcol="user_id" request-param="user_id" to-session="user_id"/>
    <select dbcol="user_password" request-param="user_password"
            to-session="user_password"/>
    <select dbcol="user_permission" to-session="user_permission"
            type="string"/>
  </table>
</auth-descriptor>
An item of note: the names for the id & password MUST match in login.xsp
(request name - html form), in params.xml (name=), and auth.xml
(request-param=). The "dbcol" in auth.xml is the column name in your table -
"user_name" from your table def.
If the request name in login.xsp (from the html form) is not the same as in
params.xml (in your case "user_id") that may be why the form is not
validated - sending you back to login.
Then, assuming other pipes will be 'protected' you need to wrap each one.
Such as:
<map:match pattern="*-meter.html*">
  <map:act type="session-validator">
    <map:parameter name="descriptor"
                   value="context://wbs//descriptors/params.xml"/>
    <map:parameter name="validate" value="user_id, user_password"/>
    <!-- Now generate the page -->
    <map:generate type="serverpages" src="docs/{../1}-meter.xsp"/>
    <map:transform src="stylesheets/wbs.xsl"/>
    <map:serialize/>
    <!-- End generated page -->
  </map:act>
  <!-- something was wrong, redirect to login page -->
  <map:redirect-to uri="login"/>
</map:match>
"session-validator" will validate that the user_id & user_password (placed
in session variables by "db-authenticator" from the "to-session" of
auth.xml) are valid. It only checks validity in terms of a 'form' check - it
does not access the database again (as far as I know).
These values are invalidated on session timeout, forcing the user to log in
again.
Since I am still playing, I am allowing the password to stay around as a
session variable.
On your PASSWORD() function question, I can not help. My guess is that you
would have to modify (or make your own)
org.apache.cocoon.acting.FormValidatorAction.
HTH
Dave...................
----- Original Message -----
From: "Eric Dalquist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, June 29, 2002 12:06 PM
Subject: Form Validator
> I've been trying to get the form validator and DB Validator working for
> about a week now. I decided to try and just get the form stuff working
> first but I can't even get that. I'm running Cocoon 2.0.2-dev and Tomcat
> 4.1.3.
>
> In my sitemap.xmap I have the following:
>
> <!--
> | The page do_login does not actually exist this is just a dummy
> | target for the login auth to take place at.
> -->
> <map:match pattern="do_login.xsp">
> <map:act type="form-validator">
> <map:parameter name="descriptor"
> value="context://house_bills/descriptors/params.xml"/>
> <map:parameter name="validate-set" value="user-pass"/>
>
> <map:redirect-to uri="index.xsp"/>
> </map:act>
>
> <map:redirect-to uri="login.xsp"/>
> </map:match>
>
> login.xsp has a form that posts to do_login.xsp and has two inputs named
> user_name and user_password.
>
> Here is my params.xml
> <?xml version="1.0"?>
> <root>
> <parameter name="user_name" type="string" nullable="no"/>
> <parameter name="user_password" type="string" nullable="no"/>
>
> <constraint-set name="name-pass">
> <validate name="user_name"/>
> <validate name="user_password"/>
> </constraint-set>
> </root>
>
> I've checked through the logs and there aren't any context errors so
> Cocoon seems to be finding the params.xml file OK. Every time I submit the
> form I get bounced back to the login.xsp page instead of getting sent to
> index.xsp. It doesn't matter if I don't put anything in the inputs or have
> valid data in both.
>
> I would also like to be able to validate the user_name & password_fields
> against a MySQL database and setting the value in the corresponding
> user_id column in a session variable. I played with it a little and cocoon
> was connecting to the DB but not authenticating, I don't have my descriptor
> file for that any more. Here is my DDL for the table I want to auth against.
>
> CREATE TABLE `users` (
> `user_id` int(11) unsigned NOT NULL auto_increment,
> `user_name` varchar(255) NOT NULL default '',
> `user_password` varchar(16) NOT NULL default '',
> `user_first_name` varchar(255) NOT NULL default '',
> `user_last_name` varchar(255) NOT NULL default '',
> `user_email` varchar(255) NOT NULL default '',
> `user_status` tinyint(4) unsigned NOT NULL default '1',
> PRIMARY KEY (`user_id`),
> UNIQUE KEY `user_login` (`user_name`,`user_password`),
> UNIQUE KEY `user_id` (`user_id`)
> ) TYPE=MyISAM
>
> My other question with the DBAuth stuff is can cocoon run the submitted
> password through MySQL's PASSWORD() function? I would really like to be
> able to keep the password column in the table encrypted and still be able
> to use the DBAuth stuff.
>
> I hope someone can give me a hand with this. After a week of searching the
> mailing lists, Cocoon site and web in general I'm stuck!
>
> -Eric Dalquist
>
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
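
The name-matching rule from the reply (form field names, params.xml names, auth.xml request-param and the sitemap's validate / validate-set values must agree) can be checked mechanically. This is an added example, not code from the thread or from Cocoon: check_names is a hypothetical helper, and the sitemap and descriptors below are constructed samples with two deliberate mismatches.

```python
import xml.etree.ElementTree as ET
MAP = "{http://apache.org/cocoon/sitemap/1.0}"  # Cocoon sitemap namespace
# Constructed samples modelled on this thread, with two deliberate mismatches.
SITEMAP = """<map:sitemap xmlns:map="http://apache.org/cocoon/sitemap/1.0">
 <map:match pattern="do-login"><map:act type="form-validator">
   <map:parameter name="validate-set" value="user-pass"/>
   <map:act type="db-authenticator"/>
 </map:act></map:match>
 <map:match pattern="*-meter.html*"><map:act type="session-validator">
   <map:parameter name="validate" value="user_id, user_password"/>
 </map:act></map:match>
</map:sitemap>"""
PARAMS = """<root>
 <parameter name="user_id" type="string" nullable="no"/>
 <parameter name="user_password" type="string" nullable="no"/>
 <constraint-set name="name-pass">
  <validate name="user_id"/><validate name="user_password"/>
 </constraint-set>
</root>"""
AUTH = """<auth-descriptor><connection>wbs</connection><table name="tbl_users">
 <select dbcol="user_id" request-param="user_id" to-session="user_id"/>
 <select dbcol="user_password" request-param="login_password"
         to-session="user_password"/>
</table></auth-descriptor>"""
FORM_FIELDS = {"user_id", "user_password"}  # input names in the login form

def check_names(sitemap, params, auth, form_fields):
    """List name mismatches between the form, params.xml, auth.xml and sitemap."""
    p, a, problems = ET.fromstring(params), ET.fromstring(auth), []
    declared = {e.get("name") for e in p.findall("parameter")}
    sets = {e.get("name") for e in p.findall("constraint-set")}
    in_session = {e.get("to-session") for e in a.iter("select")}
    for name in sorted(declared - form_fields):
        problems.append(f"params.xml parameter '{name}' has no form field")
    for rp in (s.get("request-param") for s in a.iter("select")):
        if rp and rp not in declared:
            problems.append(f"auth.xml request-param '{rp}' not in params.xml")
    for act in ET.fromstring(sitemap).iter(MAP + "act"):
        kind = act.get("type")
        # session-validator can only check values db-authenticator put in session
        pool = declared & in_session if kind == "session-validator" else declared
        for prm in act.findall(MAP + "parameter"):
            names = [v.strip() for v in (prm.get("value") or "").split(",")]
            if prm.get("name") == "validate-set":
                problems += [f"{kind}: no constraint-set '{n}'" for n in names if n not in sets]
            elif prm.get("name") == "validate":
                problems += [f"{kind}: unknown name '{n}'" for n in names if n not in pool]
    return problems
if __name__ == "__main__":
    print("\n".join(check_names(SITEMAP, PARAMS, AUTH, FORM_FIELDS)) or "names consistent")
```
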