On 1/25/06, Michael Wechner <[EMAIL PROTECTED]> wrote:
> Bob Harner wrote:
>
> >Hello all,
> >
> >The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
> >instead of a POST, which is unacceptable to my customer and very bad
> >practice in general.  I need to change it to a POST, but can't get it
> >to work.
> >
> >I changed the form method in login.xsl to POST easily enough, but now
> >authentication always fails.  The form handling apparently only likes
> >GET's.
> >
> >I believe the sitemap.xmap handles the login form submission, sending
> >it to a pipeline that contains the authenticator action
> >(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
> >but that action always results in a failure.  I'll admit I'm having
> >great difficulty tracing through the code trying to find where Lenya
> >or Cocoon distinguishes between a GET and a POST.  It shouldn't be
> >hard, right?
> >
> >Does anyone have any hints on this?  This is a critical show-stopper for us.
> >
> >
>
> I am not sure about your patches:
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38383
>
> I guess you added just part of the problem, right?
>
> Just asking, such that I won't duplicate your efforts ;-)
>
> Thanks
>
> Michi
>

No, the patch is the complete solution.  More detail:  when we changed
the GET to a POST, the form wouldn't let us log in anymore.  We
eventually figured out that the pipeline in sitemap.xmap was not even
running when the form used POST, because when it does this:

    <map:match type="usecase" pattern="login">

it is only matching on "usecase=login" in the URL, disregarding any
POST'ed parameters (why doesn't
org.apache.cocoon.matching.WildcardRequestParameterMatcher look at
POST'ed parameters?).  So to make it work we had to move the
lenya.usecase and lenya.step parameters into the form tag's action
attribute.  Now it works fine.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
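
The change described in the message above, as an added sketch (it is not the contents of Lenya's login.xsl or of the patch attached to the Bugzilla entry). The field names `username` and `password`, the empty original `action`, and the `STEP_VALUE` placeholder are assumptions; only `lenya.usecase=login` and the parameter name `lenya.step` come from the thread.

```xml
<!-- Added illustration; names marked "assumed" are not taken from the thread. -->

<!-- 1. Original form: method GET. The browser appends every field to the URL,
        so the password travels in the query string and can end up in browser
        history, proxy logs and server access logs. -->
<form method="GET" action="">
  <input type="hidden" name="lenya.usecase" value="login"/>
  <input type="hidden" name="lenya.step" value="STEP_VALUE"/> <!-- placeholder value -->
  <input type="text" name="username"/>     <!-- assumed field name -->
  <input type="password" name="password"/> <!-- assumed field name -->
  <input type="submit" value="Login"/>
</form>

<!-- 2. Only the method changed to POST. All four fields now travel in the
        request body, the URL no longer carries lenya.usecase=login, and,
        as reported in the message, the usecase match in sitemap.xmap does
        not fire, so authentication fails. -->
<form method="POST" action="">
  <input type="hidden" name="lenya.usecase" value="login"/>
  <input type="hidden" name="lenya.step" value="STEP_VALUE"/>
  <input type="text" name="username"/>
  <input type="password" name="password"/>
  <input type="submit" value="Login"/>
</form>

<!-- 3. Fix described in the message: the routing parameters move into the
        action attribute, so they stay in the URL where the matcher sees them,
        while the credentials stay in the POST body. -->
<form method="POST" action="?lenya.usecase=login&amp;lenya.step=STEP_VALUE">
  <input type="text" name="username"/>
  <input type="password" name="password"/>
  <input type="submit" value="Login"/>
</form>
```

After the change, the request line recorded for a login should contain only the two `lenya.*` parameters and no credential fields.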
