Re: Cocoon 2.1 Authentication Bug? *Please* Help

[Sonny Sukumar]

I still haven't figured this out and am ***really***
hoping for one of you to help me, as I'm not familiar
with Cocoon's source code.  The partial stack trace
I'm getting is:

java.lang.NullPointerException
        at
org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate(PipelineAuthenticator.java:290)
        at
org.apache.cocoon.webapps.authentication.components.DefaultAuthenticationManager.login(DefaultAuthenticationManager.java:238)
        at
org.apache.cocoon.webapps.authentication.acting.LoginAction.act(LoginAction.java:118)

Line 118 in LoginAction.java reads:

UserHandler handler = authManager.login( handlerName, 
                                      
par.getParameter("application", null),
authenticationParameters); 

I've been agonizing over this for days, so I really
need the help.

--- Sonny Sukumar <[EMAIL PROTECTED]> wrote:
> 
> Hi guys,
> 
> I could not get any help for my problem on the
> Cocoon
> Users list, so this is my last resort.  I am using
> Cocoon 2.1 (with Tomcat 4.1.12 with JDK 1.4.1_01). 
> I 
> would very much appreciate your help. 
> 
> PROBLEM: I don't think the auth-login (LoginAction)
> is
> working right.  If I use <authentication
> uri="cocoon:/authenticateAdmin"/> in the handler, I 
> always get a NullPointerException in
>
org.apache.cocoon.webapps.authentication.components.PipelineAuthenticator.authenticate
> 
> at line 290 (that line is 'DocumentFragment
> authenticationFragment =
> doc.createDocumentFragment();').  On the other hand,
> if I use the raw:/ protocol as in <authentication
> uri="cocoon:/raw:/authenticateAdmin"/>, then I
> ALWAYS
> get forwarded to the redirect page, which should
> never
> happen with auth-login from what I understand from
> the
> docs.
> 
> 
> So can someone explain the reason for using the
> "raw:/" protocol in the <authentication> tag in the
> handler? It is there in the documentation
>
(http://cocoon.apache.org/2.1/developing/webapps/authentication.html),
> and it
> 
> 1.) ALWAYS causes a redirect to the pipeline set in
> the <redirect-to> handler tag (for both valid and
> invalid user name/password combinations), and 
> 2.) A printout of the "resource" request param on
> the
> redirected page shows the user name and password
> *twice*:
> 
>
/adminLogin?password=mypwd&userName=my_name&userName=my_name&password=mypwd
> 
> It's also kind of strange how the 1st set is
> opposite
> the 2nd set (password first, user name second).  My
> login test form makes one enter user name first, and
> password second (like any ordinary login form).
> 
> Ok, now here's the relevant sitemap contents:
> 
> 
> <map:component-configurations>   
>     ...
>     <authentication-manager>
>       <handlers>
>         <!-- Authenticates site administrators. -->
>         <handler name="adminAuthHandler">
>           <redirect-to
> uri="cocoon:/getAdminLoginPage"/>
>           <!-- Doesn't work, with or without 'raw:/'
> as explained above-->
>           <authentication
> uri="cocoon:/raw:/authenticateAdmin"/>
>         </handler>
>       </handlers>
>     </authentication-manager>
>     ...
>   </map:component-configurations>
> 
> 
>   ...
> 
> 
>       <!-- Generate and display the login page.-->
>       <map:match pattern="getAdminLoginPage">
>         <map:generate src="myapp/xml/adminLogin.xsp"
> type="serverpages"/>
>         <map:transform type="session"/>
>         <map:serialize type="xml"/>
>       </map:match>
> 
> 
>       <!-- Try to log in the admin. -->
>       <map:match pattern="adminLogin">
>         <map:act type="auth-login">
>           <map:parameter name="handler"
> value="adminAuthHandler"/>
>           <map:parameter name="parameter_userName" 
> value="{request-param:userName}"/>
>           <map:parameter name="parameter_password" 
> value="{request-param:password}"/>
> 
> 
>           <map:read
> src="myapp/html_test/authSucceeded.html"/>
>         </map:act>
> 
> 
>         <!-- Authentication failed -->
>         <map:read
> src="myapp/html_test/authFailed.html"/>
>       </map:match>
> 
> 
>       <!-- My auth resource, as defined in the
> handler. -->
>       <map:match pattern="authenticateAdmin">
>         <map:generate
> src="myapp/xml/authenticateAdmin.xsp" 
> type="serverpages"/>
>         <map:serialize type="xml"/>
>       </map:match>
> 
> 
>       <map:match pattern="adminLogout">
>         <map:act type="auth-logout">
>           <map:parameter name="handler"
> value="adminAuthHandler"/>
>           <!--+
>             | ::UNRESOLVED ISSUE:: SS 08/19/03
>             | Admin logout succeeded, so tell admin
> in
> some way, perhaps
>             | a static page.
>             +-->
>         </map:act>
> 
> 
>         <!--+
> 
>             | ::UNRESOLVED ISSUE:: SS 08/19/03
>             | Admin logout failed. Is that even
> possible?  What to do here?
>             +-->
>       </map:match>
> 
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
> http://sitebuilder.yahoo.com


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com