cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JD Daniels ...@datatrio.com>
Subject Re: cocoon authentication and database access
Date Fri, 06 Feb 2004 08:33:41 GMT
I would not try to pass the xsp through an xsl transformation.. it is 
not needed. just serialize the xsp as xml...

<xsp:page>
<authentication>
<!-- esql here -->
<authentication>

If you have no database results, the empty <authentication> is all thats 
needed to fail a login attempt.

That said, I use woody and flow, but here is the relevant snippet:

             <map:match pattern="doLogin.xml">
                 <map:act type="auth-loggedIn">
                   <map:parameter name="handler" value="userhandler"/>
                   <map:redirect-to uri="loggedin.xml"/>
                 </map:act>
                 <map:act type="auth-login">
                     <map:parameter name="handler" value="userhandler"/>
                     <map:parameter name="username" 
value="{request:username}"/>
                     <map:parameter name="password" 
value="{request:password}"/>
                     <map:redirect-to uri="{request:contextPath}"/>
                 </map:act>
                 <map:generate src="xml/LoginFailed.xml"/>
                 <map:transform src="xsl/basic2document.xsl"/>
                 <map:serialize/>
             </map:match>

This assumes your form inputs are named username and password.

Also, I notice you are using the sunrise components. I do not how many 
changes have been made, but this may be a factor. I use the auth-fw 
components from the current 2.1 cvs head.

JD

Philippe Guillard wrote:
> JD and Flavio,
> 
> I found interesting these lines you sent to generate a user XML file for
> the auth-handler.I tested XSP generation in a separate sample to
> guaranty i have the right result needed by the auth handler (i suggest
> Flavio to do this cause i think your code doesn't render exactly this) :
> 
> <authentication>
>     <ID>any_value</ID>
>     <role>guest</role>
>     <data></data>
> </authentication>
> 
> But i still have a big problem : i'm still really bad with parameters
> and the data entered in the login is not passed to my XSP/ESQL. Can you
> tell me how you wrote your sitemap or tell me what is wrong in mine ?
> 
> May Tanks !
> 
> Phil
> 
> 
> -----------------------------------------------------
> 
> This is mine, the sunrise part :
> 
>   <map:pipeline internal-only="true">
>      <map:match pattern="sunrise-authuser">
>  
> <!-- ====== ORIGINAL PIPE from 2.1.3 same in 2.1.4-dev====== -->
>        <!--  <map:generate src="esql.xsp" type="serverpages">
>              <map:parameter name="use-request-parameters" value="true"/>
>              <map:parameter name="parameter_name"
> value="{request-param:name}"/> 
>         </map:generate>
>         <map:transform src="sql2html.xsl">
>              <map:parameter name="use-request-parameters" value="true"/>
>              <map:parameter name="servletPath"
> value="{request:servletPath}"/>
>              <map:parameter name="sitemapURI"
> value="{request:sitemapURI}"/>
>              <map:parameter name="contextPath"
> value="{request:contextPath}"/>
>              <map:parameter name="file" value=".xsp"/>
>         </map:transform>
>        <map:serialize type="xml"/> -->
> <!-- ========== PIPE MODIFIED========= -->
>         <map:generate src="esql.xsp" type="serverpages">
>              <map:parameter name="use-request-parameters" value="true"/>
>         </map:generate>
>         <map:transform src="sql2html.xsl">
>              <map:parameter name="use-request-parameters" value="true"/>
>              <map:parameter name="servletPath"
> value="{request:servletPath}"/>
>              <map:parameter name="sitemapURI"
> value="{request:sitemapURI}"/>
>              <map:parameter name="contextPath"
> value="{request:contextPath}"/>
>              <map:parameter name="file" value=".xsp"/>
>         </map:transform>
>         <map:serialize type="xml"/>
> 
>      </map:match>
> 
> 
> And this is my XSP esql.xsp  :
> ---------------------------
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> 
> <!-- CVS: $Id: esql.xsp,v 1.3 2003/04/17 20:47:30 haul Exp $ -->
> 
> <xsp:page language="java"
>           xmlns:xsp="http://apache.org/xsp"
>           xmlns:esql="http://apache.org/cocoon/SQL/v2">
>            xmlns:xsp-request="http://apache.org/xsp/request/2.0"
>            xmlns:util="http://apache.org/xsp/util/2.0"
>     >
> <authentication>
>    <esql:connection>
> 
>      <esql:pool>goother</esql:pool>
>        <esql:execute-query>
>          <esql:query>select id,email from member where
> email=<xsp-request:get-parameter name="name"/></esql:query>
>          <esql:results>
>               <esql:row-results>
>                  <ID><esql:get-int column="id"/></ID>
>                  <role>guest</role>
> 	         <data></data>
>               </esql:row-results>
>           </esql:results>
>           <esql:no-results>
>           </esql:no-results>
>        </esql:execute-query>
> 
>    </esql:connection>
> </authentication>
> </xsp:page>
> 
> and this is my sql2html.xsl
> -----------------------------
> 
> <?xml version="1.0"?>
> 
> <xsl:stylesheet version="1.0"
> xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
>                            
> xmlns:sql="http://apache.org/cocoon/SQL/2.0">
>   <xsl:template match="authentication">
>      <authentication><xsl:apply-templates/></authentication>
>   </xsl:template>
>   <xsl:template match="ID">
>      <ID><xsl:apply-templates/></ID>
>   </xsl:template>
>   <xsl:template match="role">
>      <role><xsl:apply-templates/></role>
>   </xsl:template>
>   <xsl:template match="data">
>      <data><xsl:apply-templates/></data>
>   </xsl:template>
> </xsl:stylesheet>
> 
> 
> On Wed, 2004-02-04 at 06:22, JD Daniels wrote:
> 
>>I believe the list frowns upon attachments :-)
>>
>>It doesn't matter what you use to generate your user xml. As long as it has
>>the required <authentication> and <ID> elements, the auth-fw can use it.
The
>>sample uses xsl transformations, and i use a simple xsp with esql.
>>This makes a bunch of assumptions... ie i have a table for users, and a
>>table for roles. you need a connection pool set up in cocoon.xconf, and you
>>have some method of adding users and roles to your database. The write
>>source at the end is just how i log people logging in.
>>
>><?xml version="1.0"?>
>><xsp:page language="java"
>>    xmlns:xsp="http://apache.org/xsp"
>>    xmlns:esql="http://apache.org/cocoon/SQL/v2"
>>    xmlns:xsp-request="http://apache.org/xsp/request/2.0"
>>    xmlns:xsp-session="http://apache.org/xsp/session/2.0"
>>create-session="true"
>>    xmlns:source="http://apache.org/cocoon/source/1.0"
>>    xmlns:util="http://apache.org/xsp/util/2.0"
>>    >
>><authentication>
>><esql:connection>
>>    <esql:pool>dtmanager</esql:pool>
>>    <esql:execute-query>
>>        <esql:query>
>>            SELECT
>>            users.id,
>>            users.firstName,
>>            users.lastName,
>>            users.emailAddress,
>>            roles.id AS roleid,
>>            roles.name AS role
>>            FROM users
>>            LEFT JOIN roles ON (users.role=roles.id)
>>            WHERE
>>            userName='<xsp-request:get-parameter name="username"/>'
>>            AND
>>            password='<xsp-request:get-parameter name="password"/>'
>>            AND active='Yes'
>>            LIMIT 1
>>        </esql:query>
>>        <esql:results>
>>            <esql:row-results>
>>                <ID><esql:get-int column="id"/></ID>
>>                <role><esql:get-string column="role"/></role>
>>                <data>
>>                    <xsp-session:set-attribute
>>name="userId"><esql:get-string column="id"/></xsp-session:set-attribute>
>>                    <xsp-session:set-attribute
>>name="userRole"><esql:get-string column="role"/></xsp-session:set-attribute>
>>                    <xsp-session:set-attribute
>>name="userFirstName"><esql:get-string
>>column="firstName"/></xsp-session:set-attribute>
>>                    <xsp-session:set-attribute
>>name="userLastName"><esql:get-string
>>column="lastName"/></xsp-session:set-attribute>
>>                    <xsp-session:set-attribute
>>name="userEmail"><esql:get-string
>>column="emailAddress"/></xsp-session:set-attribute>
>>                    <ID><esql:get-int column="id"/></ID>
>>                    <role><esql:get-string column="role"/></role>
>>                    <firstname><esql:get-string
>>column="firstName"/></firstname>
>>                    <lastname><esql:get-string
>>column="lastName"/></lastname>
>>                    <email><esql:get-string column="emailAddress"/></email>
>>                </data>
>>                <source:insert>
>>
>><source:source>context://module-files/auth/stats/<util:time
>>format="yyyy/MM/dd"/>.xml</source:source>
>>                    <source:path>/log</source:path>
>>                    <source:fragment>
>>                        <logon>
>>                            <date><util:time format="yyyy/MM/dd"/></date>
>>                            <time><util:time format="hh:mm:ss a"/></time>
>>                            <user-agent><xsp-request:get-header
>>name="user-agent"/></user-agent>
>>
>><remote-addr><xsp-request:get-remote-address/></remote-addr>
>>
>><remote-host><xsp-request:get-remote-host/></remote-host>
>>                            <userFirstName><xsp-session:get-attribute
>>name="userFirstName"/></userFirstName>
>>                            <userLastName><xsp-session:get-attribute
>>name="userLastName"/></userLastName>
>>                        </logon>
>>                    </source:fragment>
>>                </source:insert><esql:error-results><b>Error
>>Results</b></esql:error-results>
>>            </esql:row-results>
>>        </esql:results>
>>        <esql:no-results>
>>            <source:insert>
>>                <source:source>context://module-files/auth/stats/<util:time
>>format="yyyy/MM/dd"/>.xml</source:source>
>>                <source:path>/log</source:path>
>>                <source:fragment>
>>                    <logonfail>
>>                        <date><util:time format="yyyy/MM/dd"/></date>
>>                        <time><util:time format="hh:mm:ss a"/></time>
>>                        <user-agent><xsp-request:get-header
>>name="user-agent"/></user-agent>
>>
>><remote-addr><xsp-request:get-remote-address/></remote-addr>
>>
>><remote-host><xsp-request:get-remote-host/></remote-host>
>>                        <userFirstName><xsp-session:get-attribute
>>name="userFirstName"/></userFirstName>
>>                        <userName><xsp-request:get-parameter
>>name="username"/></userName>
>>                    </logonfail>
>>                </source:fragment>
>>            </source:insert>
>>        </esql:no-results>
>>    </esql:execute-query>
>></esql:connection>
>></authentication>
>></xsp:page>
>>
>>
>>
>>-----Original Message-----
>>From: Flavio Palumbo [mailto:flavio.palumbo@fastwebnet.it]
>>Sent: 2004-02-03 12:52 AM
>>To: users@cocoon.apache.org
>>Subject: RE: cocoon authentication and database access
>>
>>
>>Hi JD,
>>
>>could you please send the same samples to me (or maybe to the list) ?
>>
>>I have just depeloped something like this founding some problems not
>>completely
>>solved ; i'd like to compare my code with yours.
>>
>>Thanks a lot
>>
>>Flavio
>>
>>
>>
>>I know exactly what you mean :-)
>>
>>I'll send you a sample xsp file off-list.
>>
>>JD
>>-----Original Message-----
>>From: Anna Bikkina [mailto:anna@pinksheets.com]
>>Sent: 2004-02-02 9:34 AM
>>To: users@cocoon.apache.org
>>Subject: Re: cocoon authentication and database access
>>
>>
>>Could you please send me a couple of examples. I am new to xml and related
>>stuff. I am having a tough time getting things together.
>>
>>Thanks,
>>Anna.
>>
>>
>>On Monday 02 February 2004 01:08 pm, JD Daniels wrote:
>>
>>>I use a simple xsp with esql to load my users
>>>
>>>JD
>>>
>>>-----Original Message-----
>>>From: Anna Bikkina [mailto:anna@pinksheets.com]
>>>Sent: 2004-02-02 8:20 AM
>>>To: users@cocoon.apache.org
>>>Subject: cocoon authentication and database access
>>>
>>>
>>>Hi,
>>>
>>>I am new to cocoon and trying to build a portal application. I already
>>
>>have
>>
>>>an
>>>existing application written in JSP and ported in tomcat. How can I change
>>>it
>>>so that it works in cocoon. Are there any examples I can look into to
>>
>>get
>>
>>>this task done.
>>>
>>>Also I have do database authentication when user logs in. All cocoon
>>>examples
>>>show authentication with users in the xml file. Can anyone please direct
>>
>>me
>>
>>>how to access databases from cocoon during authetication and in other
>>>places.
>>>
>>>
>>>Thanks,
>>>Anna.
>>>
>>>
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>>For additional commands, e-mail: users-help@cocoon.apache.org
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
>>For additional commands, e-mail: users-help@cocoon.apache.org
>>
>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
> For additional commands, e-mail: users-help@cocoon.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message