cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andre Juffer <ajuf...@sun3.oulu.fi>
Subject authentication-fw
Date Thu, 28 Apr 2005 19:31:57 GMT
Dear All,

for the last few days now I have been trying to get the 
authentication-fw going. And I simply don't get it to work. For now, I 
just want to see an error message appearing on the screen if the 
authentications fails.

This is what I have in the sitemap:

<map:component-configurations>
   <authentication-manager>
      <handlers>
        <handler name="sopashandler">
          <redirect-to uri="cocoon:/login" />
          <authentication uri="cocoon:raw:/accounts/authenticate" />
         </handler>
       </handlers>
     </authentication-manager>
</map:component-configurations>

The cocoon:raw:/accounts/authenticate expects two request parameters 
(userid and password). This resource returns either (for example)

<authentication>
   <ID>1113937509670</ID>
   <surname>juffer</surname>
   <email>andre.juffer@oulu.fi</email>
</authentication>

-or-

<authentication>
   <data>
     Incorrect UserID ('andre.juffer@oulu.fi') and/or password.
   </data>
</authentication>

(The userid in fact corresponds to an email address. The authenticator 
uses the XIndice XML database to get account information.) This all is 
easily testable by calling this resource manually (like 
http://localhost:8080/sopas/accounts/authenticate?userid=andre.juffer@oulu.fi&password=qwerty12).

I believe these responses are according to what is expected from this 
resouurce.

Now, I would like to see the error message

"Incorrect UserID ('andre.juffer@oulu.fi') and/or password."

appearing on the login page after a failed authorization attempt. I 
understood that the data portion of the response above in inserted in 
the temporary session context. Where is this happening: is it the 
responsibility of the authentication resource or is the action 
"auth-login" taking care of this? Currently, I assume that the action 
insert the data content in the session context (but I have tried to do 
myself with <session:putxml ../>.

I have a simple login page with

<p>
   <session:getxml context="temporary" path="/authentication/data" />
</p>
<form action="do-login" method="post">
   <dl>
     <dt>User ID (your email address):</dt>
     <dd><input name="userid" size="30" /></dd>
     <dt>Password:</dt>
     <dd><input name="password" type="password" size="30" /></dd>
     <dt>
       <input type="submit" value="Login" />
       <input type="reset"  value="Reset" />
     </dt>
     <dd></dd>
   </dl>
</form>

I think I have a communication issue somewhere between the do-login and 
the authentication resource. The sitemap contains also:

<map:match pattern="do-login">
   <map:act type="auth-login">
      <map:parameter name="handler" value="sopashandler"/>
      <map:parameter name="parameter_userid" 
value="{request-param:userid} "/>
      <map:parameter name="parameter_password" 
value="{request-param:password} "/>
      <map:redirect-to uri="index"/>
    </map:act>
  <map:redirect-to uri="login"/>
</map:match>

As a matter of fact, I never have succeeded to login, although I am 100% 
sure that the authentication resource authenticates the login if I do 
try manually (as explained above). In other words, I never reach that 
'index' resource, indicating that the authentication -always- fails.

Is there anybody out there who spots a problem?

Thanks,
Andre
-- 
Andre H. Juffer              | Phone: +358-8-553 1161
The Biocenter and            | Fax: +358-8-553-1141
     the Dep. of Biochemistry | Email: Andre.Juffer@oulu.fi
University of Oulu, Finland  | WWW: www.biochem.oulu.fi/Biocomputing/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Mime
View raw message