Cocoon 2.1 Auth Bug??? [was "1 more auth question.."]

[Sonny Sukumar]

I'm using Cocoon version 2.1, and I downloaded it the day after it was 
officially released a week or two ago.  I don't think it can be anything but 
a bug in Cocoon itself, which is very troubling to me since I need this to 
work.

To reiterate what I think is the bug, the auth-login action doesn't seem to 
work--it just always redirects to the redirect-to document defined in the 
auth handler.

I really would like to know if *anybody* out there is successfully using the 
authentication framework in Cocoon 2.1.  Can anybody in the developer 
community help me out?  Should I join that list and post on there??

Thanks,

Sonny



Sonny

I have looked through all of this and I cannot see anything wrong.
I agree with your comment about the redirect only happening within an
auth-prodect.
The only thing you are doing differently to me is that you are using
map:read and I use redirects on success and a full
generate-transform-serialize process on failure.
Which version of Cocoon are you using? Maybe there is a bug in the
version you are using???
Andrew

Sonny Sukumar wrote:
> Hi Andrew,
>
> My point was that the login page should never get involved, since no
> redirect should occur to it using auth-login.  Neverthless, I must be
> missing something, so here's my authentication sitemap code in its
> entirety, including the handler configuration.  Take a look and let me
> know if you see something amiss.
>
>  <map:component-configurations>
>    ...
>    <authentication-manager>
>      <handlers>
>        <!-- Authenticates site administrators. -->
>        <handler name="adminAuthHandler">
>          <redirect-to uri="cocoon:/getAdminLoginPage"/>
>          <authentication uri="cocoon:/raw:/authenticateAdmin"/>
>        </handler>
>      </handlers>
>    </authentication-manager>
>    ...
>  </map:component-configurations>
>
>  ...
>
>      <!-- Generate and display the login page.-->
>      <map:match pattern="getAdminLoginPage">
>        <map:generate src="myapp/xml/adminLogin.xsp" type="serverpages"/>
>        <map:transform type="session"/>
>        <map:serialize type="xml"/>
>      </map:match>
>
>      <!-- Try to log in the admin. -->
>      <map:match pattern="adminLogin">
>        <map:act type="auth-login">
>          <map:parameter name="handler" value="adminAuthHandler"/>
>          <map:parameter name="parameter_userName"
> value="{request-param:userName}"/>
>          <map:parameter name="parameter_password"
> value="{request-param:password}"/>
>
>          <map:read src="myapp/html_test/authSucceeded.html"/>
>        </map:act>
>
>        <!-- Authentication failed -->
>        <map:read src="myapp/html_test/authFailed.html"/>
>      </map:match>
>
>      <!-- My auth resource, as defined in the handler. -->
>      <map:match pattern="authenticateAdmin">
>        <map:generate src="myapp/xml/authenticateAdmin.xsp"
> type="serverpages"/>
>        <map:serialize type="xml"/>
>      </map:match>
>
>      <map:match pattern="adminLogout">
>        <map:act type="auth-logout">
>          <map:parameter name="handler" value="adminAuthHandler"/>
>          <!--+
>
>            | ::UNRESOLVED ISSUE:: SS 08/19/03
>            |
>            | Admin logout succeeded, so tell admin in some way, perhaps
>            | a static page.
>
>            +-->
>        </map:act>
>
>        <!--+
>
>            | ::UNRESOLVED ISSUE:: SS 08/19/03
>            |
>            | Admin logout failed. Is that even possible?  What to do 
here?
>
>            +-->
>      </map:match>
>
>> From: Andrew Timberlake <[EMAIL PROTECTED]>
>> Reply-To: [EMAIL PROTECTED]
>> To: [EMAIL PROTECTED]
>> Subject: Re: 1 more auth question..
>> Date: Sun, 24 Aug 2003 12:58:22 +0200
>>
>> Sonny
>>
>> I've had a look and I'm not sure why this is happenning.
>> There are bits of the sitemap missing which are still part of the auth
>> process such as your login page itself. Maybe the problem lies there
>> somewhere???
>>
>> Sorry I can't help further.
>>
>> Andrew
>>
>> Sonny Sukumar wrote:
>>> Update: I was mistake before when I said that if the login suceeds,
>>> the correct html file is shown.  It's not.  Rather, in both cases I'm
>>> redirected to the pipeline defined in the authentication handler.
>>>
>>> To reiterate, this confuses me because I thought no such redirect
>>> should ever occur with auth-login, but rather only with
>>> auth-protect.  Again, take a look at the sitemap snippet from my
>>> original post (below here).
>>>
>>> Any insights would be great,
>>>
>>> Sonny
>>>
>>>> From: "Sonny Sukumar" <[EMAIL PROTECTED]>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Hi Andrew,
>>>>
>>>> Thanks for that tip.  But there seems to be something else going on
>>>> as well....
>>>>
>>>> If the login succeeds, the correct static html file is shown (see
>>>> the the sitemap snippet I gave before--below), but if it fails then
>>>> I end up being redirected to the "redirect-to" page defined for the
>>>> auth handler.  I thought that if the auth-login fails, then it would
>>>> just read whatever comes after the action (another static html file,
>>>> for testing at least).
>>>>
>>>> To add to the strangeness, the redirected to page (a login page I
>>>> generate) shows the originally requested URI  (I embed the
>>>> originally requested URI in the generated login page) as getting the
>>>> userName and password each **twice**.  Here's what it says is the
>>>> originally requested URI:
>>>>
>>>> 
/adminLogin?password=test_pwd&userName=test_user&userName=test_user&pass
>>>>word=test_pwd
>>>>
>>>>
>>>>
>>>> The Cocoon documentation doesn't say anything to explain this
>>>> behavior, but then again it wasn't very clear about the other things
>>>> either.
>>>>
>>>> Do you have any ideas on this?
>>>>
>>>> Thanks again,
>>>>
>>>> Sonny
>>>>
>>>>> From: Andrew Timberlake <[EMAIL PROTECTED]>
>>>>> Reply-To: [EMAIL PROTECTED]
>>>>> To: [EMAIL PROTECTED]
>>>>> Subject: Re: 1 more auth question..
>>>>> Date: Sat, 23 Aug 2003 15:34:57 +0200
>>>>>
>>>>> Sonny
>>>>>
>>>>> Look at this snippet:
>>>>> <map:parameter name="parameter_userName"
>>>>>  value="{request-param:userName}"/>
>>>>> <map:parameter name="parameter_password"
>>>>>  value="{request-param:password}"/>
>>>>> Here you are passing two parameters to the auth action named
>>>>> parameter_userName and parameter_password. The values of each of
>>>>> these parameters is coming directly from the request parameters via
>>>>> the request-param input module.
>>>>>
>>>>> If you look at the source for the auth-login action
>>>>> (org.apache.cocoon.webapps.authentication.acting.LoginAction) on
>>>>> lines 104-107 the action is taking all parameters beginning with
>>>>> "parameter_" and passing them as parameters to the authentication
>>>>> resource.
>>>>> ie. if you set the above parameters for the auth-login action, they
>>>>> will be passed to your XSP as two parameters: userName and password
>>>>> (dropped the "parameter_" bit.
>>>>> Therefore your XSP code should be similar to the following:
>>>>> ...
>>>>> String userName = parameters.getParameter("userName");
>>>>> String password = parameters.getParameter("password");
>>>>> ...
>>>>>
>>>>> Hope this helps
>>>>>
>>>>> Andrew
>>>>>
>>>>> Sonny Sukumar wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I'm not clear on how the authentication resource gets parameters
>>>>>> that are passed to it from <auth-login>.  My auth resource is an
>>>>>> XSP, and I try to fetch them as request params.  However, I'm not
>>>>>> sure if that's correct because I've verified that my auth resource
>>>>>> produces output matching the <authentication>...</authentication>
>>>>>> scheme it is supposed to when given request params, but yet the
>>>>>> <auth-login> always seems to fail.
>>>>>>
>>>>>> Here's my sitemap snippet:
>>>>>>
>>>>>>    <!-- Try to log in an admin. -->
>>>>>>    <map:match pattern="adminLogin">
>>>>>>        <map:act type="auth-login">
>>>>>>          <map:parameter name="handler" value="adminAuthHandler"/>
>>>>>>          <map:parameter name="parameter_userName"
>>>>>> value="{request-param:userName}"/>
>>>>>>          <map:parameter name="parameter_password"
>>>>>> value="{request-param:password}"/>
>>>>>>
>>>>>>          <!-- Really should be a redirect here, but this is for
>>>>>> simplicity of illustration.-->
>>>>>>          <map:read src="myapp/authSuccessful.html"/>
>>>>>>        </map:act>
>>>>>>
>>>>>>        <!-- Authentication failed -->
>>>>>>        <map:read src="myapp/authFailed.html"/>
>>>>>>    </map:match>
>>>>>>
>>>>>>    <!-- Auth resource -->
>>>>>>    <map:match pattern="authenticateAdmin">
>>>>>>        <map:generate src="redpouch/xml/authenticateAdmin.xsp"
>>>>>> type="serverpages"/>
>>>>>>        <map:serialize type="xml"/>
>>>>>>    </map:match>
>>>>>>
>>>>>> Here's my handler declaration:
>>>>>>
>>>>>> <!-- Authenticates site administrators. -->
>>>>>> <handler name="adminAuthHandler">
>>>>>>  <redirect-to uri="cocoon:/getAdminLoginPage"/>
>>>>>>  <authentication uri="cocoon:/raw:/authenticateAdmin"/>
>>>>>> </handler>
>>>>>>
>>>>>> So I try to do 'request.getParameter("userName")' and
>>>>>> 'request.getParameter("password")' in my XSP (i.e. my auth
>>>>>> resource), but authFailed.html is **always** shown, whether or not
>>>>>> the user name/password combination is valid.
>>>>>>
>>>>>> I also still don't quite understand why the 'raw:/' subprotocol
>>>>>> needs to be used in the <authentication> tag in the handler.  It
>>>>>> is that way in the docs, but I tried both with and without it, and
>>>>>> the auth fails no matter what.
>>>>>>
>>>>>> I'd appreciate any hints. :-)
>>>>>>
>>>>>> Sonny
>>>>>>
>>>>>> _________________________________________________________________
>>>>>> MSN 8: Get 6 months for $9.95/month.
>>>>>> http://join.msn.com/?page=dept/dialup
>>>>>>
>>>>>>
>>>>>> 
---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>>>
>>>>> 
---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>>
>>>> _________________________________________________________________
>>>> MSN 8: Get 6 months for $9.95/month.
>>>> http://join.msn.com/?page=dept/dialup
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>> _________________________________________________________________
>>> Get MSN 8 and help protect your children with advanced parental
>>> controls.  http://join.msn.com/?page=features/parental
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>
> _________________________________________________________________
> MSN 8: Get 6 months for $9.95/month 
http://join.msn.com/?page=dept/dialup

-------------------------------------------------------
_________________________________________________________________
MSN 8: Get 6 months for $9.95/month. http://join.msn.com/?page=dept/dialup
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]