<xsp:page> <authentication> <!-- esql here --> <authentication>
If you have no database results, the empty <authentication> is all thats needed to fail a login attempt.
That said, I use woody and flow, but here is the relevant snippet:
<map:match pattern="doLogin.xml">
<map:act type="auth-loggedIn">
<map:parameter name="handler" value="userhandler"/>
<map:redirect-to uri="loggedin.xml"/>
</map:act>
<map:act type="auth-login">
<map:parameter name="handler" value="userhandler"/>
<map:parameter name="username" value="{request:username}"/>
<map:parameter name="password" value="{request:password}"/>
<map:redirect-to uri="{request:contextPath}"/>
</map:act>
<map:generate src="xml/LoginFailed.xml"/>
<map:transform src="xsl/basic2document.xsl"/>
<map:serialize/>
</map:match>
This assumes your form inputs are named username and password.
Also, I notice you are using the sunrise components. I do not how many changes have been made, but this may be a factor. I use the auth-fw components from the current 2.1 cvs head.
JD
Philippe Guillard wrote:
JD and Flavio,
I found interesting these lines you sent to generate a user XML file for the auth-handler.I tested XSP generation in a separate sample to guaranty i have the right result needed by the auth handler (i suggest Flavio to do this cause i think your code doesn't render exactly this) :
<authentication> <ID>any_value</ID> <role>guest</role> <data></data> </authentication>
But i still have a big problem : i'm still really bad with parameters and the data entered in the login is not passed to my XSP/ESQL. Can you tell me how you wrote your sitemap or tell me what is wrong in mine ?
May Tanks !
Phil
-----------------------------------------------------
This is mine, the sunrise part :
<map:pipeline internal-only="true">
<map:match pattern="sunrise-authuser">
<!-- ====== ORIGINAL PIPE from 2.1.3 same in 2.1.4-dev====== -->
<!-- <map:generate src="esql.xsp" type="serverpages">
<map:parameter name="use-request-parameters" value="true"/>
<map:parameter name="parameter_name"
value="{request-param:name}"/> </map:generate>
<map:transform src="sql2html.xsl">
<map:parameter name="use-request-parameters" value="true"/>
<map:parameter name="servletPath"
value="{request:servletPath}"/>
<map:parameter name="sitemapURI"
value="{request:sitemapURI}"/>
<map:parameter name="contextPath"
value="{request:contextPath}"/>
<map:parameter name="file" value=".xsp"/>
</map:transform>
<map:serialize type="xml"/> -->
<!-- ========== PIPE MODIFIED========= -->
<map:generate src="esql.xsp" type="serverpages">
<map:parameter name="use-request-parameters" value="true"/>
</map:generate>
<map:transform src="sql2html.xsl">
<map:parameter name="use-request-parameters" value="true"/>
<map:parameter name="servletPath"
value="{request:servletPath}"/>
<map:parameter name="sitemapURI"
value="{request:sitemapURI}"/>
<map:parameter name="contextPath"
value="{request:contextPath}"/>
<map:parameter name="file" value=".xsp"/>
</map:transform>
<map:serialize type="xml"/>
</map:match>
And this is my XSP esql.xsp : ---------------------------
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- CVS: $Id: esql.xsp,v 1.3 2003/04/17 20:47:30 haul Exp $ -->
<xsp:page language="java" xmlns:xsp="http://apache.org/xsp"; xmlns:esql="http://apache.org/cocoon/SQL/v2";> xmlns:xsp-request="http://apache.org/xsp/request/2.0"; xmlns:util="http://apache.org/xsp/util/2.0"; > <authentication> <esql:connection>
<esql:pool>goother</esql:pool> <esql:execute-query> <esql:query>select id,email from member where email=<xsp-request:get-parameter name="name"/></esql:query> <esql:results> <esql:row-results> <ID><esql:get-int column="id"/></ID> <role>guest</role> <data></data> </esql:row-results> </esql:results> <esql:no-results> </esql:no-results> </esql:execute-query>
</esql:connection> </authentication> </xsp:page>
and this is my sql2html.xsl -----------------------------
<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
xmlns:sql="http://apache.org/cocoon/SQL/2.0";>
<xsl:template match="authentication">
<authentication><xsl:apply-templates/></authentication>
</xsl:template>
<xsl:template match="ID">
<ID><xsl:apply-templates/></ID>
</xsl:template>
<xsl:template match="role">
<role><xsl:apply-templates/></role>
</xsl:template>
<xsl:template match="data">
<data><xsl:apply-templates/></data>
</xsl:template>
</xsl:stylesheet>
On Wed, 2004-02-04 at 06:22, JD Daniels wrote:
I believe the list frowns upon attachments :-)
It doesn't matter what you use to generate your user xml. As long as it has the required <authentication> and <ID> elements, the auth-fw can use it. The sample uses xsl transformations, and i use a simple xsp with esql. This makes a bunch of assumptions... ie i have a table for users, and a table for roles. you need a connection pool set up in cocoon.xconf, and you have some method of adding users and roles to your database. The write source at the end is just how i log people logging in.
<?xml version="1.0"?> <xsp:page language="java" xmlns:xsp="http://apache.org/xsp"; xmlns:esql="http://apache.org/cocoon/SQL/v2"; xmlns:xsp-request="http://apache.org/xsp/request/2.0"; xmlns:xsp-session="http://apache.org/xsp/session/2.0"; create-session="true" xmlns:source="http://apache.org/cocoon/source/1.0"; xmlns:util="http://apache.org/xsp/util/2.0"; > <authentication> <esql:connection> <esql:pool>dtmanager</esql:pool> <esql:execute-query> <esql:query> SELECT users.id, users.firstName, users.lastName, users.emailAddress, roles.id AS roleid, roles.name AS role FROM users LEFT JOIN roles ON (users.role=roles.id) WHERE userName='<xsp-request:get-parameter name="username"/>' AND password='<xsp-request:get-parameter name="password"/>' AND active='Yes' LIMIT 1 </esql:query> <esql:results> <esql:row-results> <ID><esql:get-int column="id"/></ID> <role><esql:get-string column="role"/></role> <data> <xsp-session:set-attribute name="userId"><esql:get-string column="id"/></xsp-session:set-attribute> <xsp-session:set-attribute name="userRole"><esql:get-string column="role"/></xsp-session:set-attribute> <xsp-session:set-attribute name="userFirstName"><esql:get-string column="firstName"/></xsp-session:set-attribute> <xsp-session:set-attribute name="userLastName"><esql:get-string column="lastName"/></xsp-session:set-attribute> <xsp-session:set-attribute name="userEmail"><esql:get-string column="emailAddress"/></xsp-session:set-attribute> <ID><esql:get-int column="id"/></ID> <role><esql:get-string column="role"/></role> <firstname><esql:get-string column="firstName"/></firstname> <lastname><esql:get-string column="lastName"/></lastname> <email><esql:get-string column="emailAddress"/></email> </data> <source:insert>
<source:source>context://module-files/auth/stats/<util:time format="yyyy/MM/dd"/>.xml</source:source> <source:path>/log</source:path> <source:fragment> <logon> <date><util:time format="yyyy/MM/dd"/></date> <time><util:time format="hh:mm:ss a"/></time> <user-agent><xsp-request:get-header name="user-agent"/></user-agent>
<remote-addr><xsp-request:get-remote-address/></remote-addr>
<remote-host><xsp-request:get-remote-host/></remote-host> <userFirstName><xsp-session:get-attribute name="userFirstName"/></userFirstName> <userLastName><xsp-session:get-attribute name="userLastName"/></userLastName> </logon> </source:fragment> </source:insert><esql:error-results><b>Error Results</b></esql:error-results> </esql:row-results> </esql:results> <esql:no-results> <source:insert> <source:source>context://module-files/auth/stats/<util:time format="yyyy/MM/dd"/>.xml</source:source> <source:path>/log</source:path> <source:fragment> <logonfail> <date><util:time format="yyyy/MM/dd"/></date> <time><util:time format="hh:mm:ss a"/></time> <user-agent><xsp-request:get-header name="user-agent"/></user-agent>
<remote-addr><xsp-request:get-remote-address/></remote-addr>
<remote-host><xsp-request:get-remote-host/></remote-host> <userFirstName><xsp-session:get-attribute name="userFirstName"/></userFirstName> <userName><xsp-request:get-parameter name="username"/></userName> </logonfail> </source:fragment> </source:insert> </esql:no-results> </esql:execute-query> </esql:connection> </authentication> </xsp:page>
-----Original Message----- From: Flavio Palumbo [mailto:[EMAIL PROTECTED] Sent: 2004-02-03 12:52 AM To: [EMAIL PROTECTED] Subject: RE: cocoon authentication and database access
Hi JD,
could you please send the same samples to me (or maybe to the list) ?
I have just depeloped something like this founding some problems not completely solved ; i'd like to compare my code with yours.
Thanks a lot
Flavio
I know exactly what you mean :-)
I'll send you a sample xsp file off-list.
JD -----Original Message----- From: Anna Bikkina [mailto:[EMAIL PROTECTED] Sent: 2004-02-02 9:34 AM To: [EMAIL PROTECTED] Subject: Re: cocoon authentication and database access
Could you please send me a couple of examples. I am new to xml and related stuff. I am having a tough time getting things together.
Thanks, Anna.
On Monday 02 February 2004 01:08 pm, JD Daniels wrote:
I use a simple xsp with esql to load my users
JD
-----Original Message----- From: Anna Bikkina [mailto:[EMAIL PROTECTED] Sent: 2004-02-02 8:20 AM To: [EMAIL PROTECTED] Subject: cocoon authentication and database access
Hi,
I am new to cocoon and trying to build a portal application. I already
have
an existing application written in JSP and ported in tomcat. How can I change it so that it works in cocoon. Are there any examples I can look into to
get
this task done.
Also I have do database authentication when user logs in. All cocoon examples show authentication with users in the xml file. Can anyone please direct
me
how to access databases from cocoon during authetication and in other places.
Thanks, Anna.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
