Hi all,
I'm not clear on how the authentication resource gets parameters that are passed to it from <auth-login>. My auth resource is an XSP, and I try to fetch them as request params. However, I'm not sure if that's correct because I've verified that my auth resource produces output matching the <authentication>...</authentication> scheme it is supposed to when given request params, but yet the <auth-login> always seems to fail.
Here's my sitemap snippet:
<!-- Try to log in an admin. -->
<map:match pattern="adminLogin">
<map:act type="auth-login">
<map:parameter name="handler" value="adminAuthHandler"/>
<map:parameter name="parameter_userName" value="{request-param:userName}"/>
<map:parameter name="parameter_password" value="{request-param:password}"/>
<!-- Really should be a redirect here, but this is for simplicity of illustration.-->
<map:read src="myapp/authSuccessful.html"/>
</map:act>
<!-- Authentication failed -->
<map:read src="myapp/authFailed.html"/>
</map:match><!-- Auth resource -->
<map:match pattern="authenticateAdmin">
<map:generate src="redpouch/xml/authenticateAdmin.xsp" type="serverpages"/>
<map:serialize type="xml"/>
</map:match>
Here's my handler declaration:
<!-- Authenticates site administrators. --> <handler name="adminAuthHandler"> <redirect-to uri="cocoon:/getAdminLoginPage"/> <authentication uri="cocoon:/raw:/authenticateAdmin"/> </handler>
So I try to do 'request.getParameter("userName")' and 'request.getParameter("password")' in my XSP (i.e. my auth resource), but authFailed.html is **always** shown, whether or not the user name/password combination is valid.
I also still don't quite understand why the 'raw:/' subprotocol needs to be used in the <authentication> tag in the handler. It is that way in the docs, but I tried both with and without it, and the auth fails no matter what.
I'd appreciate any hints. :-)
Sonny
_________________________________________________________________ MSN 8: Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
