Posted to dev@cocoon.apache.org by Sonny Sukumar <ah...@yahoo.com> on 2003/08/25 23:58:35 UTC

Cocoon 2.1 Authentication Bug? *Please* Help

Hi guys,

I could not get any help for my problem on the Cocoon
Users list, so this is my last resort.  I am using
Cocoon 2.1 (with Tomcat 4.1.12 with JDK 1.4.1_01).  I 
would very much appreciate your help. 

PROBLEM: I don't think the auth-login (LoginAction) is
working right.  If I use <authentication
uri="cocoon:/authenticateAdmin"/> in the handler, I 
always get a NullPointerException in
org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate
at line 290 (that line is 'DocumentFragment
authenticationFragment = doc.createDocumentFragment();').  On the other hand,
if I use the raw:/ protocol as in <authentication
uri="cocoon:/raw:/authenticateAdmin"/>, then I ALWAYS
get forwarded to the redirect page, which should never
happen with auth-login from what I understand from the
docs.


So can someone explain the reason for using the
"raw:/" protocol in the <authentication> tag in the
handler? It is there in the documentation
(http://cocoon.apache.org/2.1/developing/webapps/authentication.html),
and it

1.) ALWAYS causes a redirect to the pipeline set in
the <redirect-to> handler tag (for both valid and
invalid user name/password combinations), and 
2.) A printout of the "resource" request param on the
redirected page shows the user name and password
*twice*:

/adminLogin?password=mypwd&userName=my_name&userName=my_name&password=mypwd

It's also kind of strange how the 1st set is opposite
the 2nd set (password first, user name second).  My
login test form makes one enter user name first, and
password second (like any ordinary login form).

Ok, now here's the relevant sitemap contents:


  <map:component-configurations>
    ...
    <authentication-manager>
      <handlers>
        <!-- Authenticates site administrators. -->
        <handler name="adminAuthHandler">
          <redirect-to uri="cocoon:/getAdminLoginPage"/>
          <!-- Doesn't work, with or without 'raw:/' as explained above-->
          <authentication uri="cocoon:/raw:/authenticateAdmin"/>
        </handler>
      </handlers>
    </authentication-manager>
    ...
  </map:component-configurations>

  ...

      <!-- Generate and display the login page.-->
      <map:match pattern="getAdminLoginPage">
        <map:generate src="myapp/xml/adminLogin.xsp" type="serverpages"/>
        <map:transform type="session"/>
        <map:serialize type="xml"/>
      </map:match>

      <!-- Try to log in the admin. -->
      <map:match pattern="adminLogin">
        <map:act type="auth-login">
          <map:parameter name="handler" value="adminAuthHandler"/>
          <map:parameter name="parameter_userName" value="{request-param:userName}"/>
          <map:parameter name="parameter_password" value="{request-param:password}"/>

          <map:read src="myapp/html_test/authSucceeded.html"/>
        </map:act>

        <!-- Authentication failed -->
        <map:read src="myapp/html_test/authFailed.html"/>
      </map:match>

      <!-- My auth resource, as defined in the handler. -->
      <map:match pattern="authenticateAdmin">
        <map:generate src="myapp/xml/authenticateAdmin.xsp" type="serverpages"/>
        <map:serialize type="xml"/>
      </map:match>

      <map:match pattern="adminLogout">
        <map:act type="auth-logout">
          <map:parameter name="handler" value="adminAuthHandler"/>
          <!--+
            | ::UNRESOLVED ISSUE:: SS 08/19/03
            | Admin logout succeeded, so tell admin in some way, perhaps
            | a static page.
            +-->
        </map:act>

        <!--+
            | ::UNRESOLVED ISSUE:: SS 08/19/03
            | Admin logout failed. Is that even possible?  What to do here?
            +-->
      </map:match>



RE: Cocoon 2.1 Authentication Bug? *Please* Help

Posted by Carsten Ziegeler <cz...@s-und-n.de>.
Hi,

thanks for reporting the NPE, I just committed a patch that
should fix the NPE problem.
Now, from the stacktrace I guess that for some reason your
authentication pipeline, cocoon:/authenticateAdmin, is not
working properly. I suggest using it standalone first,
which means call it directly and pass the parameters
and see what happens.

Now, the difference between cocoon: and cocoon:raw: is that
cocoon: passes the request parameters of the original request
to the internal request as well and cocoon:raw: does not. So,
if you use cocoon: it's usual that you have the parameters twice
as the login action adds the parameters a second time.

Please note that it has to be cocoon:raw:/ and not cocoon:/raw:/.


HTH
Carsten
> -----Original Message-----
> From: Sonny Sukumar [mailto:ahimsadesi@yahoo.com]
> Sent: Tuesday, August 26, 2003 5:53 AM
> To: dev@cocoon.apache.org
> Subject: Re: Cocoon 2.1 Authentication Bug? *Please* Help
> 
> 
> 
> I still haven't figured this out and am ***really***
> hoping for one of you to help me, as I'm not familiar
> with Cocoon's source code.  The partial stack trace
> I'm getting is:
> 
> java.lang.NullPointerException
> 	at org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate(PipelineAuthenticator.java:290)
> 	at org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.login(DefaultAuthenticationManager.java:238)
> 	at org.apache.cocoon.webapps.authentication.acting.LoginAction.act(LoginAction.java:118)
> 
> Line 118 in LoginAction.java reads:
> 
> UserHandler handler = authManager.login( handlerName,
>                                       par.getParameter("application", null),
>                                       authenticationParameters);
> 
> I've been agonizing over this for days, so I really
> need the help.
> 
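
A check for the URI forms described in the reply above, as an added example that is not part of the original thread or of Cocoon's own code: it parses an `<authentication-manager>` fragment and classifies each handler's `<authentication uri>`. The sample configuration, the `forwardingHandler` and `rawHandler` names, and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the handler from the thread plus two hypothetical variants.
SAMPLE_CONFIG = """
<authentication-manager>
  <handlers>
    <handler name="adminAuthHandler">
      <redirect-to uri="cocoon:/getAdminLoginPage"/>
      <authentication uri="cocoon:/raw:/authenticateAdmin"/>
    </handler>
    <handler name="forwardingHandler">
      <authentication uri="cocoon:/authenticateAdmin"/>
    </handler>
    <handler name="rawHandler">
      <authentication uri="cocoon:raw:/authenticateAdmin"/>
    </handler>
  </handlers>
</authentication-manager>
"""

def classify_auth_uri(uri):
    """Classify an <authentication> uri using the distinctions made in the thread."""
    if not uri:
        return "missing"
    if uri.startswith("cocoon:raw:/"):
        return "ok"  # original request parameters are not passed to the internal request
    if uri.startswith("cocoon:/raw:"):
        return "misplaced-raw"  # the reply says it has to be cocoon:raw:/, not cocoon:/raw:/
    if uri.startswith("cocoon:/"):
        return "forwards-request-params"  # login parameters reach the pipeline twice
    return "not-a-cocoon-uri"

def lint_handlers(config_xml):
    """Return {handler name: finding} for every <handler> in the fragment."""
    root = ET.fromstring(config_xml)
    findings = {}
    for handler in root.iter("handler"):
        auth = handler.find("authentication")
        uri = auth.get("uri", "") if auth is not None else ""
        findings[handler.get("name")] = classify_auth_uri(uri)
    return findings

if __name__ == "__main__":
    for name, finding in lint_handlers(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```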

Re: Cocoon 2.1 Authentication Bug? *Please* Help

Posted by Sonny Sukumar <ah...@yahoo.com>.
I still haven't figured this out and am ***really***
hoping for one of you to help me, as I'm not familiar
with Cocoon's source code.  The partial stack trace
I'm getting is:

java.lang.NullPointerException
	at org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate(PipelineAuthenticator.java:290)
	at org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.login(DefaultAuthenticationManager.java:238)
	at org.apache.cocoon.webapps.authentication.acting.LoginAction.act(LoginAction.java:118)

Line 118 in LoginAction.java reads:

UserHandler handler = authManager.login( handlerName,
                                      par.getParameter("application", null),
                                      authenticationParameters);

I've been agonizing over this for days, so I really
need the help.
