Andrew,

It looks like you've written your own 'authenticator' action to do
authentication. All I'm saying is that you should take a look at using the
authentication framework instead. It has actions like 'auth-protect',
'auth-login', 'auth-logout' and 'auth-loggedIn'.

It also looks like you've written your action to understand some kind of SQL
query XML that you've devised. Again, I would recommend looking at the SQL
transformer instead.

I don't really have any comment to make on the shopping cart issue. I was
commenting more on the way you're doing authentication and database access.

Good luck!

Morley

-----Original Message-----
From: beyaNet Consultancy [mailto:[EMAIL PROTECTED]
Sent: Monday January 19, 2004 1:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Actions, pipelines, javabeans...


Morley,
I hear what you are saying and have already implemented the following
pipeline:

<map:match pattern="login">
  <map:act type="validator">
    <map:parameter name="descriptor"
        value="context://beyarecords/content/def/form_validation-def.xml"/>
    <map:parameter name="validate-set" value="login" />
    <map:act type="authenticator">
      <!-- Ok, login details are being checked. If they exist we get logged
           into system -->
      <map:parameter name="descriptor"
          value="context://beyarecords/content/def/login-def.xml"/>
      <map:redirect-to uri="support/home"/>
    </map:act>
  </map:act>

  <!-- if not we get redirected back to the login page -->
  <map:redirect-to uri="login.html" />
</map:match>

<map:match type="sessionstate" pattern="*">
  <map:parameter name="attribute-name" value="pass" />
  <map:parameter name="attribute-name" value="user" />

  <!-- protected pipelines go here -->
  <map:match pattern="support/home">
    ........ pipelines here .............

login-def.xml

<auth-descriptor>
  <connection>postgresql</connection>
  <table name="usertbl">
    <select dbcol="username" request-param="user" to-session="user" />
    <select dbcol="userpassword" request-param="pass" to-session="password" />
  </table>
</auth-descriptor>

But I want to be able to maintain a consistent relationship between object
parameters and the database. I suppose the user details example is wrong as
an example; think more in terms of a shopping cart. My objective is to
enable users to purchase items from the site. How would I be able to update
the session variables and write them to a database, à la EJB, with the method
you describe? I have come across Hibernate, which maintains a persistent
relationship between object information and what is held in the database,
and am investigating that route at the moment. What do you think?

Andrew

On 19 Jan 2004, at 17:28, Morley Howell wrote:


Andrew,

I still believe that you are making this far more complex than it needs to
be!

Instead of writing your own Action, use the authentication framework that
comes with Cocoon. It has an action called 'auth-protect' that does
everything you need it to do. It verifies that the user is logged in. If the
user is not logged in, it redirects them to a login page that you configure.
If they are logged in, it makes any information about that user available in
the session in a way that's easy to use in Cocoon. You don't have to write
your own Action, you don't have to write a JavaBean, you don't have to worry
about maintaining the user information in the session - it does all of that
for you!!!

To protect a resource, you would use it in your pipeline something like
this:

<map:match pattern="some-protected-resource">
  <map:act type="auth-protect">
    <map:parameter name="handler" value="my-handler"/>
    ... whatever stuff you want here ...
  </map:act>
</map:match>

You configure the authentication framework with a handler called
'my-handler'. You can configure it with a URL to redirect to if the user is
not logged in. You also configure it to get its authentication information
from an internal pipeline. This other pipeline is where you access your
database to verify the user's password and retrieve any other information
you want to maintain about the user. It might look something like this:

<map:match pattern="authenticate">
  <map:generate src="authenticate-query.xml"/>
  <map:transform type="sql">
    <map:parameter name="use-connection" value="my-connection"/>
    <map:parameter name="username" value="{request-param:username}"/>
    <map:parameter name="password" value="{request-param:password}"/>
  </map:transform>
  <map:transform type="xslt" src="stylesheets/query-2-auth-result.xsl"/>
  <map:serialize type="xml"/>
</map:match>

The XML returned from this pipeline has to follow a very simple format
defined by the authentication framework. That format has a spot where you
can put whatever XML you want, including first name, last name, address,
shoe size, favourite colour, whatever. The XML returned from this
authentication pipeline is then attached to the session and is available
back in your main pipeline. In other words, the section of your main
pipeline after the auth-protect action could look like this:


<map:aggregate element="page">
  <map:part element="user" src="cocoon:/get-auth-context"/>
  <map:part element="content" src="main.xml"/>
</map:aggregate>
<map:transform type="xslt" src="stylesheets/combine-user-and-content.xsl"/>

You should probably use cinclude instead of the aggregation, but this is
clearer as an example.

So again, I would recommend using the components built in to Cocoon,
including the authentication framework and the SQL transformer. I urge you
to check out these URLs:

http://cocoon.apache.org/2.1/userdocs/transformers/sql-transformer.html
http://cocoon.apache.org/2.1/developing/webapps/authentication.html

You should not have to code a SINGLE LINE of Java.

Morley


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
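
Added example, not part of the original messages and not the project's own code: one way the stylesheets/query-2-auth-result.xsl step of the 'authenticate' pipeline above could map the SQL transformer's rowset onto the authentication framework's result format. It assumes that format is an `authentication` root with a required `ID` child and an optional `data` child, that the driver returns lowercase column names, and the `first_name`/`last_name` columns and the `login-failed` element name are hypothetical.

```xml
<?xml version="1.0"?>
<!-- Added example (assumptions: the rowset carries an sql:username column, as
     named in login-def.xml; first_name/last_name are hypothetical columns). -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:sql="http://apache.org/cocoon/SQL/2.0"
    exclude-result-prefixes="sql">

  <xsl:template match="/">
    <xsl:variable name="rows" select="//sql:rowset/sql:row"/>
    <xsl:choose>
      <!-- Succeed only on exactly one matching row: zero rows means the
           credentials did not match, several rows means an ambiguous match. -->
      <xsl:when test="count($rows) = 1">
        <authentication>
          <ID><xsl:value-of select="$rows/sql:username"/></ID>
          <data>
            <!-- Copy named profile fields only, so the password column is
                 never written into the document attached to the session. -->
            <first-name><xsl:value-of select="$rows/sql:first_name"/></first-name>
            <last-name><xsl:value-of select="$rows/sql:last_name"/></last-name>
          </data>
        </authentication>
      </xsl:when>
      <xsl:otherwise>
        <!-- Assumed behaviour: a root element other than <authentication>
             is treated as a failed login. The element name is chosen here. -->
        <login-failed/>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:template>
</xsl:stylesheet>
```

Selecting fields by name, rather than copying every column of the row, keeps the stored password out of the per-user XML that later pipelines aggregate into pages.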

