Posted to user@lenya.apache.org by Bob Harner <bo...@gmail.com> on 2006/01/25 13:35:05 UTC

Login page GET versus POST

Hello all,

The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
instead of a POST, which is unacceptable to my customer and very bad
practice in general.  I need to change it to a POST, but can't get it
to work.

I changed the form method in login.xsl to POST easily enough, but now
authentication always fails.  The form handling apparently only likes
GET's.

I believe the sitemap.xmap handles the login form submission, sending
it to a pipeline that contains the authenticator action
(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
but that action always results in a failure.  I'll admit I'm having
great difficulty tracing through the code trying to find where Lenya
or Cocoon distinguishes between a GET and a POST.  It shouldn't be
hard, right?

Does anyone have any hints on this?  This is a critical show-stopper for us.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org


Re: Login page GET versus POST

Posted by Bob Harner <bo...@gmail.com>.
On 1/26/06, Michael Wechner <mi...@wyona.com> wrote:
> Bob Harner wrote:
>
> >On 1/25/06, Michael Wechner <mi...@wyona.com> wrote:
> >
> >>Bob Harner wrote:
> >>
> >>>Hello all,
> >>>
> >>>The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
> >>>instead of a POST, which is unacceptable to my customer and very bad
> >>>practice in general.  I need to change it to a POST, but can't get it
> >>>to work.
> >>>
> >>>I changed the form method in login.xsl to POST easily enough, but now
> >>>authentication always fails.  The form handling apparently only likes
> >>>GET's.
> >>>
> >>>I believe the sitemap.xmap handles the login form submission, sending
> >>>it to a pipeline that contains the authenticator action
> >>>(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
> >>>but that action always results in a failure.  I'll admit I'm having
> >>>great difficulty tracing through the code trying to find where Lenya
> >>>or Cocoon distinguishes between a GET and a POST.  It shouldn't be
> >>>hard, right?
> >>>
> >>>Does anyone have any hints on this?  This is a critical show-stopper for us.
> >>>
> >>>
> >>I am not sure about your patches:
> >>
> >>http://issues.apache.org/bugzilla/show_bug.cgi?id=38383
> >>
> >>I guess you added just part of the problem, right?
> >>
> >>Just asking, such that I won't duplicate your efforts ;-)
> >>
> >>Thanks
> >>
> >>Michi
> >>
> >
> >No, the patch is the complete solution.  More detail:  when we changed
> >the GET to a POST, the form wouldn't let us log in anymore.  We
> >eventually figured out that the pipeline in sitemap.xmap was not even
> >running when the form used POST, because when it does this:
> >
> >    <map:match type="usecase" pattern="login">
> >
> >it is only matching on "usecase=login" in the URL, disregarding any
> >POST'ed parameters (why doesn't
> >org.apache.cocoon.matching.WildcardRequestParameterMatcher look at
> >POST'ed parameters?).
> >
>
> You might want to ask the Cocoon mailing list and provide a patch in case
> it's a bug.
> I will be happy to commit it ;-)
>
> >  So to make it work we had to move the
> >lenya.usecase and lenya.step parameters into the form tag's action
> >attribute.  Now it works fine.
> >
> >
>
> I have applied it.
>
> Thanks a lot
>
> Michi
>

Thanks for applying!



Re: Login page GET versus POST

Posted by Michael Wechner <mi...@wyona.com>.
Bob Harner wrote:

>On 1/25/06, Michael Wechner <mi...@wyona.com> wrote:
>  
>
>>Bob Harner wrote:
>>
>>    
>>
>>>Hello all,
>>>
>>>The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
>>>instead of a POST, which is unacceptable to my customer and very bad
>>>practice in general.  I need to change it to a POST, but can't get it
>>>to work.
>>>
>>>I changed the form method in login.xsl to POST easily enough, but now
>>>authentication always fails.  The form handling apparently only likes
>>>GET's.
>>>
>>>I believe the sitemap.xmap handles the login form submission, sending
>>>it to a pipeline that contains the authenticator action
>>>(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
>>>but that action always results in a failure.  I'll admit I'm having
>>>great difficulty tracing through the code trying to find where Lenya
>>>or Cocoon distinguishes between a GET and a POST.  It shouldn't be
>>>hard, right?
>>>
>>>Does anyone have any hints on this?  This is a critical show-stopper for us.
>>>
>>>
>>>      
>>>
>>I am not sure about your patches:
>>
>>http://issues.apache.org/bugzilla/show_bug.cgi?id=38383
>>
>>I guess you added just part of the problem, right?
>>
>>Just asking, such that I won't duplicate your efforts ;-)
>>
>>Thanks
>>
>>Michi
>>
>>    
>>
>
>No, the patch is the complete solution.  More detail:  when we changed
>the GET to a POST, the form wouldn't let us log in anymore.  We
>eventually figured out that the pipeline in sitemap.xmap was not even
>running when the form used POST, because when it does this:
>
>    <map:match type="usecase" pattern="login">
>
>it is only matching on "usecase=login" in the URL, disregarding any
>POST'ed parameters (why doesn't
>org.apache.cocoon.matching.WildcardRequestParameterMatcher look at
>POST'ed parameters?).
>

You might want to ask the Cocoon mailing list and provide a patch in case
it's a bug.
I will be happy to commit it ;-)

>  So to make it work we had to move the
>lenya.usecase and lenya.step parameters into the form tag's action
>attribute.  Now it works fine.
>  
>

I have applied it.

Thanks a lot

Michi



-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner@wyona.com                        michi@apache.org




Re: Login page GET versus POST

Posted by Bob Harner <bo...@gmail.com>.
On 1/25/06, Michael Wechner <mi...@wyona.com> wrote:
> Bob Harner wrote:
>
> >Hello all,
> >
> >The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
> >instead of a POST, which is unacceptable to my customer and very bad
> >practice in general.  I need to change it to a POST, but can't get it
> >to work.
> >
> >I changed the form method in login.xsl to POST easily enough, but now
> >authentication always fails.  The form handling apparently only likes
> >GET's.
> >
> >I believe the sitemap.xmap handles the login form submission, sending
> >it to a pipeline that contains the authenticator action
> >(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
> >but that action always results in a failure.  I'll admit I'm having
> >great difficulty tracing through the code trying to find where Lenya
> >or Cocoon distinguishes between a GET and a POST.  It shouldn't be
> >hard, right?
> >
> >Does anyone have any hints on this?  This is a critical show-stopper for us.
> >
> >
>
> I am not sure about your patches:
>
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38383
>
> I guess you added just part of the problem, right?
>
> Just asking, such that I won't duplicate your efforts ;-)
>
> Thanks
>
> Michi
>

No, the patch is the complete solution.  More detail:  when we changed
the GET to a POST, the form wouldn't let us log in anymore.  We
eventually figured out that the pipeline in sitemap.xmap was not even
running when the form used POST, because when it does this:

    <map:match type="usecase" pattern="login">

it is only matching on "usecase=login" in the URL, disregarding any
POST'ed parameters (why doesn't
org.apache.cocoon.matching.WildcardRequestParameterMatcher look at
POST'ed parameters?).  So to make it work we had to move the
lenya.usecase and lenya.step parameters into the form tag's action
attribute.  Now it works fine.

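An added example, not part of the thread and not Lenya or Cocoon code: a small Python model of the behaviour described in the message above, where the usecase match consults only the URL query string. It compares the original GET form, a POST form with every field in the body, and the fix of moving lenya.usecase and lenya.step into the form's action URL. The path, the credential field names and the lenya.step value are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed requests. The path, the credential field names and the
# lenya.step value are assumptions; lenya.usecase=login is quoted in the thread.
CREDS = "username=alice&password=s3cret"
ROUTE = "lenya.usecase=login&lenya.step=login"

REQUESTS = {
    # Original form: everything, credentials included, rides in the URL.
    "get_form": ("GET", "/site/index.html?" + ROUTE + "&" + CREDS, ""),
    # First attempt: method switched to POST, all fields move to the body.
    "post_all_in_body": ("POST", "/site/index.html", ROUTE + "&" + CREDS),
    # The fix: routing parameters in the action URL, credentials in the body.
    "post_route_in_action": ("POST", "/site/index.html?" + ROUTE, CREDS),
}


def url_only_usecase_match(target, pattern):
    """Model of the matching described in the thread: only the URL query
    string is consulted, never the POSTed body."""
    query = parse_qs(urlsplit(target).query)
    return pattern in query.get("lenya.usecase", [])


def secrets_in_request_line(target, secret_fields=("password",)):
    """Secret fields present in the URL, i.e. the part of the request that
    ends up in access logs, browser history and Referer headers."""
    query = parse_qs(urlsplit(target).query)
    return sorted(f for f in secret_fields if f in query)


def evaluate(name):
    method, target, _body = REQUESTS[name]
    return {
        "pipeline_runs": url_only_usecase_match(target, "login"),
        "leaked": secrets_in_request_line(target),
        "log_line": f'"{method} {target} HTTP/1.1"',
    }


if __name__ == "__main__":
    for name in REQUESTS:
        print(name, evaluate(name))
```

Only the third request both reaches the login pipeline and keeps the password out of the request line.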


Re: Login page GET versus POST

Posted by Michael Wechner <mi...@wyona.com>.
Bob Harner wrote:

>Hello all,
>
>The login page for Lenya 1.2.4 (and I think 1.4 as well) uses a GET
>instead of a POST, which is unacceptable to my customer and very bad
>practice in general.  I need to change it to a POST, but can't get it
>to work.
>
>I changed the form method in login.xsl to POST easily enough, but now
>authentication always fails.  The form handling apparently only likes
>GET's.
>
>I believe the sitemap.xmap handles the login form submission, sending
>it to a pipeline that contains the authenticator action
>(org.apache.lenya.cms.cocoon.acting.DelegatingAuthenticatorAction),
>but that action always results in a failure.  I'll admit I'm having
>great difficulty tracing through the code trying to find where Lenya
>or Cocoon distinguishes between a GET and a POST.  It shouldn't be
>hard, right?
>
>Does anyone have any hints on this?  This is a critical show-stopper for us.
>  
>

I am not sure about your patches:

http://issues.apache.org/bugzilla/show_bug.cgi?id=38383

I guess you added just part of the problem, right?

Just asking, such that I won't duplicate your efforts ;-)

Thanks

Michi



-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner@wyona.com                        michi@apache.org

