You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Markus Schulze <ma...@bg-sys.de> on 2003/05/20 15:54:50 UTC
DatabaseAuthenticatorAction Bug?
Hi,
Currently I am reading "Cocoon Developers Handbook" by Moczar/Aston and
trying some of the examples with Cocoon 2.1-Dev on
jakarta-tomcat-4.1.12-LE-jdk14, jdk 1.41. In Chapter 12 the usage of
theDatabaseAuthenticatorAction is described.
Using the auth-def.xml as proposed, I cannot login to the sample site:
<?xml version="1.0"?>
<auth-descriptor>
<connection>abc</connection>
<table name="customers">
<select dbcol="CustUserId" request-param="user" to-session="user"/>
<select dbcol="CustPass" request-param="pass"/>
</table>
</auth-descriptor>
The Sitemap.log shows the following (snippets):
DEBUG (2003-05-20) 15:07.34:563 [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: query SELECT
CustUserIdCustPass FROM customers WHERE CustUserId= ? AND CustPass= ?
...
DEBUG (2003-05-20) 15:07.34:584 [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: exception:
java.sql.SQLException: Column not found: Unknown column
'CustUserIdCustPass' in 'field list'
at com.mysql.jdbc.MysqlIO.sendCommand(Unknown Source)
...
The workaround is to append a space to the first dbcol param:
<?xml version="1.0"?>
<auth-descriptor>
<connection>abc</connection>
<table name="customers">
<select dbcol="CustUserId " request-param="user" to-session="user"/>
<select dbcol="CustPass" request-param="pass"/>
</table>
</auth-descriptor>
DEBUG (2003-05-20) 14:56.56:222 [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: query SELECT
CustUserId CustPass FROM customers WHERE CustUserId = ? AND CustPass= ?
...
DEBUG (2003-05-20) 14:56.56:252 [sitemap] (/cocoon/abc/login)
HttpProcessor[8080][4]/DatabaseAuthenticatorAction: DBAUTH: authorized
successfully
I checked the source of DatabaseAuthenticatorAction
* @author <a href="mailto:Martin.Man@seznam.cz">Martin Man</a>
* @version CVS $Id: DatabaseAuthenticatorAction.java,v 1.3 2003/05/01
16:03:38 tcurdt Exp $
and private PreparedStatement getAuthQuery just seems to append the dbcol
params without inserting a "," or space.
(Which one's ANSI-SQL, by the way?).
Question:
Am I misunderstanding something in the way DatabaseAuthenticatorAction is
supposed to work or is it a bug?
---------------
Markus Schulze
---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
For additional commands, e-mail: cocoon-users-help@xml.apache.org