You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Markus Schulze <ma...@bg-sys.de> on 2003/05/20 15:54:50 UTC

DatabaseAuthenticatorAction Bug?

Hi,

Currently I am reading "Cocoon Developers Handbook" by Moczar/Aston and
trying some of the examples with Cocoon 2.1-Dev on
jakarta-tomcat-4.1.12-LE-jdk14, jdk 1.41.  In Chapter 12 the usage of
theDatabaseAuthenticatorAction is described.

Using the auth-def.xml as proposed, I cannot login to the sample site:
<?xml version="1.0"?>

<auth-descriptor>
  <connection>abc</connection>
  <table name="customers">
    <select dbcol="CustUserId" request-param="user" to-session="user"/>
    <select dbcol="CustPass" request-param="pass"/>
  </table>
</auth-descriptor>

The Sitemap.log shows the following (snippets):

DEBUG   (2003-05-20) 15:07.34:563   [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: query SELECT
CustUserIdCustPass FROM customers WHERE CustUserId= ? AND CustPass= ?
...
DEBUG   (2003-05-20) 15:07.34:584   [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: exception:
java.sql.SQLException: Column not found: Unknown column
'CustUserIdCustPass' in 'field list'
      at com.mysql.jdbc.MysqlIO.sendCommand(Unknown Source)
...

The workaround is to append a space to the first dbcol param:

<?xml version="1.0"?>

<auth-descriptor>
  <connection>abc</connection>
  <table name="customers">
    <select dbcol="CustUserId " request-param="user" to-session="user"/>
    <select dbcol="CustPass" request-param="pass"/>
  </table>
</auth-descriptor>

DEBUG   (2003-05-20) 14:56.56:222   [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: query SELECT
CustUserId CustPass FROM customers WHERE CustUserId = ? AND CustPass= ?
...
DEBUG   (2003-05-20) 14:56.56:252   [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: authorized
successfully


I checked the source of DatabaseAuthenticatorAction
 * @author <a href="mailto:Martin.Man@seznam.cz">Martin Man</a>
 * @version CVS $Id: DatabaseAuthenticatorAction.java,v 1.3 2003/05/01
16:03:38 tcurdt Exp $

and private PreparedStatement getAuthQuery just seems to append the dbcol
params without inserting a "," or space.
(Which one's ANSI-SQL, by the way?).

Question:
Am I misunderstanding something in the way DatabaseAuthenticatorAction is
supposed to work or is it a bug?

---------------
Markus Schulze



---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org