Eric-
Glad you have the db auth working. This will likely be files thrown together
because I am getting ready to go out town for a bit.
Here is login.xml
<?xml version="1.0"?>
<page>
<document sidebar="">
<title>Login page</title>
<content>
<linkbar/>
<para>
This is a managed system.
</para>
<br/><br/>
<form handler="do-login" name="login" method="get">
<table width="20" caption="log-in" cellspacing="0" cellpadding="0"
border="0">
<tr>
<td width="10" height="0" align="right">WBS id:</td>
<td width="10" height="0" align="left">
<input-text name="user_id"/></td>
</tr>
<tr>
<td width="10" height="0" align="right">Password:</td>
<td width="10" height="0" align="left">
<input-password name="user_password"/></td>
</tr>
<tr>
<td width="10" height="0" align="center"> </td>
<td width="10" height="0" align="left">
<submit name="Login" value="Login"/></td>
</tr>
</table>
<br/>
</form>
</content>
</document>
</page>
I flexed heavily off the apache.xsl but if there is anything confusing, let
me know.
I'll give one xsl entry I modified:
<xsl:template match="input-text">
<input type="text" name="{@name}" value="{@value}"/>
</xsl:template>
The pipeline & auth.xml are below from the prior message.
My param.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is used for description of request and session parameters.
parameters that are nullable and are found being null are replaced with
their
default values, non-nullable parameters can make the validation process
fail.
-->
<parameters-descriptor>
<parameter name="user_id" type="string" nullable="no"/>
<parameter name="user_password" type="string" nullable="no"/>
<parameter name="user_permission" type="string" nullable="yes"
default="read"/>
</parameters-descriptor>
Your 'login.xsp' and 'do_login.xsp' look very similiar to mine. Just make
sure names match. If it still does not work, I'll have to see your
login.xsp.
<!-- ================= -->
<!-- Simple login page -->
<!-- ================= -->
<map:match pattern="login">
<map:generate src="docs/login.xml"/>
<map:transform src="stylesheets/wbs.xsl"/>
<map:serialize/>
</map:match>
<!-- ========================================= -->
<!-- Form target which performs auth service -->
<!-- ========================================= -->
<map:match pattern="do-login">
<!-- first validate whether submitted values are ok -->
<map:act type="form-validator">
<map:parameter name="descriptor"
value="context://wbs/descriptors/params.xml"/>
<map:parameter name="validate" value="user_id"/>
<!-- now try to log in -->
<map:act type="db-authenticator">
<map:parameter name="descriptor"
value="context://wbs/descriptors/auth.xml"/>
<!-- now go to protected area -->
<map:redirect-to uri="protected"/>
</map:act>
</map:act>
<!-- something was wrong, try it again -->
<map:redirect-to uri="login"/>
</map:match>
On your '*.xsp' pipeline I noticed you used {1}. Once you use an action it
sets a new context and you need to use {../1} to get to the ancestor (or
parent).
Good luck!
Dave.................
----- Original Message -----
From: "Eric Dalquist" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 01, 2002 10:22 AM
Subject: Re: Form Validator
> Thanks for the tips Dave. I have the DBAuthenticator working. But I still
> can't get the session validator and form validator to work. Could you
please
> post an example of the XML file you use in your Form or Session
validators?
> I'm trying to be really simple right now with mine:
>
> <?xml version="1.0"?>
> <root>
> <parameter name="user_name" type="string" nullable="no"/>
> </root>
>
> Here is an exerpt of my sitemap. I took the FormValidator off the
> do_login.xsp to get the DBAuth working.
>
> <!-- unprotected login page -->
> <map:match pattern="login.xsp">
> <map:generate type="serverpages" src="logic/login.xsp"/>
> <map:transform src="../stylesheets/site_format.xsl"/>
> <map:transform src="stylesheets/login.xsl"/>
> <map:serialize/>
> </map:match>
>
>
> <!--
> | The page do_login does not actually exist this is just a
> dummy
> | target for the login auth to take place at.
> -->
> <map:match pattern="do_login.xsp">
> <!-- now try to log in -->
> <map:act type="db-authenticator">
> <map:parameter name="descriptor"
> value="context://house_bills/descriptors/auth.xml"/>
>
> <!-- now go to protected area -->
> <map:redirect-to uri="index.xsp"/>
> </map:act>
>
> <!-- something was wrong, try it again -->
> <map:redirect-to uri="login.xsp"/>
> </map:match>
>
>
> <!--
> | Just like with do_login.xsp there is no logout.xsp page. It
> is
> | just a dummy target which kills the user's session.
> -->
> <map:match pattern="logout.xsp">
> <map:act type="session-invalidator">
> <map:redirect-to uri="login.xsp"/>
> </map:act>
> </map:match>
>
> <!-- the whole site requires a login so we do special
> excludes -->
> <map:match pattern="*.xsp">
> <map:act type="session-validator">
> <map:parameter name="descriptor"
> value="context://house_bills/descriptors/params.xml"/>
> <map:parameter name="validate" value="user_name"/>
>
> <!-- Now generate the page -->
> <map:generate type="serverpages" src="logic/{1}.xsp"/>
> <map:transform src="../stylesheets/site_format.xsl"/>
> <map:transform src="stylesheets/{1}.xsl"/>
> <map:serialize/>
> <!-- End generated page -->
> </map:act>
>
> <!-- something was wrong, redirect to login page -->
> <map:redirect-to uri="login.xsp"/>
> </map:match>
>
>
> ----- Original Message -----
> From: "Dave Covert" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, June 30, 2002 10:54 PM
> Subject: Re: Form Validator
>
>
> > Eric-
> > I have a simple authentication running with mySql.
> >
> > The db-authenticator is missing from the pipeline given. form-validator
is
> > only validating that the values in your form meet the constraints in
> > params.xml. db-authenticator will check the database table against what
> the
> > user typed in.
> >
> > The corresponding pipeline in my sub-site is:
> > <map:match pattern="do-login">
> > <!-- first validate whether submitted values are ok -->
> > <map:act type="form-validator">
> > <map:parameter name="descriptor"
> > value="context://wbs/descriptors/params.xml"/>
> > <map:parameter name="validate" value="user_id"/>
> > <!-- now try to log in -->
> > <map:act type="db-authenticator">
> > <map:parameter name="descriptor"
> > value="context://wbs/descriptors/auth.xml"/>
> > <!-- now go to protected area -->
> > <map:redirect-to uri="protected"/>
> > </map:act>
> > </map:act>
> > <!-- something was wrong, try it again -->
> > <map:redirect-to uri="login"/>
> > </map:match>
> > (Yes, it was shamelessly stolen from the example.)
> > The auth.xml I use looks like this:
> > <?xml version="1.0" encoding="UTF-8"?>
> > <auth-descriptor>
> > <connection>wbs</connection>
> > <table name="tbl_users">
> > <select dbcol="user_id" request-param="user_id"
to-session="user_id"/>
> > <select dbcol="user_password" request-param="user_password"
> > to-session="user_password"/>
> > <select dbcol="user_permission" to-session="user_permission"
> > type="string"/>
> > </table>
> > </auth-descriptor>
> >
> > An item of note: the names for the id & password MUST match in login.xsp
> > (request name - html form), in params.xml (name=), and auth.xml
> > (request-param=). The "dbcol" in auth.xml is the column name in your
> table -
> > "user_name" from your table def.
> > If the request name in login.xsp (from the html form) is not the same as
> in
> > params.xml (in your case "user_id") that may be why the form is not
> > validated - sending you back to login.
> >
> >
> > Then, assuming other pipes will be 'protected' you need to wrap each
one.
> > Such as:
> > <map:match pattern="*-meter.html*">
> > <map:act type="session-validator">
> > <map:parameter name="descriptor"
> > value="context://wbs//descriptors/params.xml"/>
> > <map:parameter name="validate" value="user_id, user_password"/>
> > <!-- Now generate the page -->
> > <map:generate type="serverpages" src="docs/{../1}-meter.xsp"/>
> > <map:transform src="stylesheets/wbs.xsl"/>
> > <map:serialize/>
> > <!-- End generated page -->
> > </map:act>
> > <!-- something was wrong, redirect to login page -->
> > <map:redirect-to uri="login"/>
> > </map:match>
> > "session-validator" will validate that the user_id & user_password
(placed
> > in session variables by "db-authenticator" from the "to-session" of
> > auth.xml) are valid. It only checks validity in terms of a 'form'
check -
> it
> > does not access the database again (as far as I know).
> > These values are invalidated on session timeout, forcing the user to
login
> > again.
> > Since I am still playing, I am allowing the password to stay around as a
> > session variable.
> >
> > On your PASSWORD() function question, I can not help. My guess is that
you
> > would have to modify (or make your own)
> > org.apache.cocoon.acting.FormValidatorAction.
> >
> > HTH
> > Dave...................
> >
> > ----- Original Message -----
> > From: "Eric Dalquist" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Saturday, June 29, 2002 12:06 PM
> > Subject: Form Validator
> >
> >
> > > I've been trying to get the form validator and DB Validator working
for
> > > about a week now. I decided to try and just got the form stuff working
> > first
> > > but I can't even get that. I'm running Cocoon 2.0.2-dev and Tomcat
> 4.1.3.
> > >
> > > In my sitemap.xmap I have the following:
> > >
> > > <!--
> > > | The page do_login does not actually exist this is just a dummy
> > > | target for the login auth to take place at.
> > > -->
> > > <map:match pattern="do_login.xsp">
> > > <map:act type="form-validator">
> > > <map:parameter name="descriptor"
> > > value="context://house_bills/descriptors/params.xml"/>
> > > <map:parameter name="validate-set" value="user-pass"/>
> > >
> > > <map:redirect-to uri="index.xsp"/>
> > > </map:act>
> > >
> > > <map:redirect-to uri="login.xsp"/>
> > > </map:match>
> > >
> > > login.xsp has a form that posts to do_login.xsp and has two inputs
named
> > > user_name and user_password.
> > >
> > > Here is my params.xml
> > > <?xml version="1.0"?>
> > > <root>
> > > <parameter name="user_name" type="string" nullable="no"/>
> > > <parameter name="user_password" type="string" nullable="no"/>
> > >
> > > <constraint-set name="name-pass">
> > > <validate name="user_name"/>
> > > <validate name="user_password"/>
> > > </constraint-set>
> > > </root>
> > >
> > > I've checked through the logs and there aren't any context errors so
> > Cocoon
> > > seems to be finding the params.xml file OK. Everytime I submit the
form
> I
> > > get bounced back to the login.xsp page instead of getting sent to
> > index.xsp.
> > > It doesn't matter if I don't put anything in the inputs or have valid
> data
> > > in both.
> > >
> > > I would also like to be able to validate the user_name &
password_fields
> > > against a MySQL database and setting the value in the corresponding
> > user_id
> > > column in a session variable. I played with it a little and cocoon was
> > > connection to the DB but not authenticating, I don't have my
descriptor
> > file
> > > for that any more. Here is my DDL for the table I want to auth
against.
> > >
> > > CREATE TABLE `users` (
> > > `user_id` int(11) unsigned NOT NULL auto_increment,
> > > `user_name` varchar(255) NOT NULL default '',
> > > `user_password` varchar(16) NOT NULL default '',
> > > `user_first_name` varchar(255) NOT NULL default '',
> > > `user_last_name` varchar(255) NOT NULL default '',
> > > `user_email` varchar(255) NOT NULL default '',
> > > `user_status` tinyint(4) unsigned NOT NULL default '1',
> > > PRIMARY KEY (`user_id`),
> > > UNIQUE KEY `user_login` (`user_name`,`user_password`),
> > > UNIQUE KEY `user_id` (`user_id`)
> > > ) TYPE=MyISAM
> > >
> > > My other question with the DBAuth stuff is can cocoon run the
submitted
> > > password through MySQLs PASSWORD() function? I would really like to be
> > able
> > > to keep the password column in the table encrypted and still be able
to
> > use
> > > the DBAuth stuff.
> > >
> > > I hope someone can give me a hand with this. After a week of searching
> the
> > > mailing lists, coocon site and web in general I'm stuck!
> > >
> > > -Eric Dalquist
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > Please check that your question has not already been answered in the
> > > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> > >
> > > To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> > > For additional commands, e-mail: <[EMAIL PROTECTED]>
> >
> >
> >
> > ---------------------------------------------------------------------
> > Please check that your question has not already been answered in the
> > FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
> >
> > To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> > For additional commands, e-mail: <[EMAIL PROTECTED]>
> >
>
>
>
> ---------------------------------------------------------------------
> Please check that your question has not already been answered in the
> FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
> To unsubscribe, e-mail: <[EMAIL PROTECTED]>
> For additional commands, e-mail: <[EMAIL PROTECTED]>
>
---------------------------------------------------------------------
Please check that your question has not already been answered in the
FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
To unsubscribe, e-mail: <[EMAIL PROTECTED]>
For additional commands, e-mail: <[EMAIL PROTECTED]>
