Hi guys, I could not get any help for my problem on the Cocoon Users list, so this is my last resort. I am using Cocoon 2.1 (with Tomcat 4.1.12 with JDK 1.4.1_01). I would very much appreciate your help.
PROBLEM: I don't think the auth-login (LoginAction) is working right. If I use <authentication uri="cocoon:/authenticateAdmin"/> in the handler, I always get a NullPointerException in org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate at line 290 (that line is 'DocumentFragment authenticationFragment = doc.createDocumentFragment();'). On the other hand, if I use the raw:/ protocol as in <authentication uri="cocoon:/raw:/authenticateAdmin"/>, then I ALWAYS get forwarded to the redirect page, which should never happen with auth-login from what I understand from the docs. So can someone explain the reason for using the "raw:/" protocol in the <authentication> tag in the handler? It is there in the documentation (http://cocoon.apache.org/2.1/developing/webapps/authentication.html), and it 1.) ALWAYS causes a redirect to the pipeline set in the <redirect-to> handler tag (for both valid and invalid user name/password combinations), and 2.) A printout of the "resource" request param on the redirected page shows the user name and password *twice*: /adminLogin?password=mypwd&userName=my_name&userName=my_name&password=mypwd It's also kind of strange how the 1st set is opposite the 2nd set (password first, user name second). My login test form makes one enter user name first, and password second (like any ordinary login form). Ok, now here's the relevant sitemap contents: <map:component-configurations> ... <authentication-manager> <handlers> <!-- Authenticates site administrators. --> <handler name="adminAuthHandler"> <redirect-to uri="cocoon:/getAdminLoginPage"/> <!-- Doesn't work, with or without 'raw:/' as explained above--> <authentication uri="cocoon:/raw:/authenticateAdmin"/> </handler> </handlers> </authentication-manager> ... </map:component-configurations> ... <!-- Generate and display the login page.--> <map:match pattern="getAdminLoginPage"> <map:generate src="myapp/xml/adminLogin.xsp" type="serverpages"/> <map:transform type="session"/> <map:serialize type="xml"/> </map:match> <!-- Try to log in the admin. --> <map:match pattern="adminLogin"> <map:act type="auth-login"> <map:parameter name="handler" value="adminAuthHandler"/> <map:parameter name="parameter_userName" value="{request-param:userName}"/> <map:parameter name="parameter_password" value="{request-param:password}"/> <map:read src="myapp/html_test/authSucceeded.html"/> </map:act> <!-- Authentication failed --> <map:read src="myapp/html_test/authFailed.html"/> </map:match> <!-- My auth resource, as defined in the handler. --> <map:match pattern="authenticateAdmin"> <map:generate src="myapp/xml/authenticateAdmin.xsp" type="serverpages"/> <map:serialize type="xml"/> </map:match> <map:match pattern="adminLogout"> <map:act type="auth-logout"> <map:parameter name="handler" value="adminAuthHandler"/> <!--+ | ::UNRESOLVED ISSUE:: SS 08/19/03 | Admin logout succeeded, so tell admin in some way, perhaps | a static page. +--> </map:act> <!--+ | ::UNRESOLVED ISSUE:: SS 08/19/03 | Admin logout failed. Is that even possible? What to do here? +--> </map:match> __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
