I think this point isn't clear in the docs, and so it should be made clear that the temporary context is indeed stored in the session so others don't get confused. The coverage of the auth framework is good overall--it's just a few points that are ambiguous.
From: Olivier Billard <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: 3 questions... Date: Thu, 21 Aug 2003 09:59:29 +0200
Hi Andrew,
I realized that I didn't wrote that my concern is about a wrong authentication : no session is created, and so your component, using the session, won't work. Am I right ?
I want to give a detailed feedback to the user trying to authenticate : "login does not exist", "wrong password", ...
Do you have an other solution ?
Thanks again, -- Olivier
On 21/08/2003 00:16, Andrew Timberlake wrote:
Olivier
The following is an extract from a component I wrote in which I access the UserContext. This code retrieves the UserHandler and then gets a DocumentFragment of the contents of the data element which I then process further using standard DOM methods. I hope this helps a bit.
<snip> SessionManager sessionManager = (SessionManager) this.manager.lookup(SessionManager.ROLE); Session session = sessionManager.getSession(true); UserState userState = (UserState) session.getAttribute(DefaultAuthenticationManager.SESSION_ATTRIBUTE_USER_STATUS);
if(userState != null) { UserHandler userHandler = userState.getHandler(handler); DocumentFragment fragment = userHandler.getContext().getXML("/authentication/data/"); ... } </snip>
Olivier Billard wrote:
Hi Andrew,
I have a little question about retrieving the "data" tag content.
How could you get the content ? It seems that there is no corresponding output module, and when I set a serializer instead of the classic <map:redirect-to uri="login"/> to view the <data> content, I have the following error :
"You must set a generator first before you can use a serializer."
So how can you access the data content ?
Thanks, -- Olivier
On 20/08/2003 09:21, Andrew Timberlake wrote:
Sonny
Try walking the programming logic. Starting with org.apache.cocoon.webapps.authentication.acting.LoginAction
and follow how cocoon deals with each step of the process.
One thing to watch out for is when you get code such as manager.lookup(XXX.Role) this is referencing an Interface to which an implementation class has been assigned within cocoon.xconf. An easy way to identify the implementation class is to look for a class named in one of three common ways:
<NameOfInterface>Impl.java
Simple<NameOfInterface>.java
or
Default<NameOfInterface>.java
and then continue walking the logic. This is a great way to figure out how cocoon works internally which will help your use of cocoon considerably.
Sonny Sukumar wrote:
Andrew, thank you for your time and effort to find the info below for me...it *is* proving helpful. See couple questions below...
I'm not sure that a login tag is created. The temprary context should contain an XML fragment which looks like the following:
<authentication>
<failed/>
<data>Any error message which was set by your authentication handler</data>
</authentication>
This I get from reading the few lines above the SessionConstants.TEMPORARY_CONTEXT code I mentioned above.
Ahh, that's strange...the docs mention nothing about a <failed/> tag from what I read. Is this just a tagging element of some sort? I mean, is it just always an empty element that just signals the authentication failed?
I think it is just a flag. Remember that this block is providing a generic process for handling authentication. Any block will try to provide a solution for the common problem but you don't need to use it to solve the problem in the way it was written specifically.
Example is that you need not check for the failed element to know that the auth failed as the action will pass the processing onto your failed pipeline fragment in which case, you simply need to retrieve the content of the data element and continue.
Andrew
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________
<b>Get MSN 8</b> and help protect your children with advanced parental controls. http://join.msn.com/?page=features/parental
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
