Authentification

Authentification

StephR
Is it possible to declare variables accessible anywhere? In the epilogue ?

The same idea would be also for me to put my authentication (if one is not authenticated, I forward him to the home page) in the epilogue so that I don't need to do this on every page :


        <p:processor name="oxf:scope-generator" xmlns:p="http://www.orbeon.com/oxf/pipeline"> 
                <p:input name="config">
                        <config>
                                <key>authentification</key>
                                <scope>session</scope>
                        </config>
                </p:input> 
                <p:output name="data" id="auth"/> 
        </p:processor>

        <p:choose href="#auth" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                <p:when test="//cgcuser/authenticated='false'">
                        <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline"> 
                                <p:input name="data"> 
                                        <redirect-url> 
                                                <path-info>/</path-info> 
                                        </redirect-url> 
                                </p:input> 
                        </p:processor>
                </p:when>
        </p:choose>

Any idea?

Re: Global Variable

Jurģis Lukss-2
Hi,

I usually do this authentication thing in my main page-flow.xpl file,
like this:

<?xml version="1.0" encoding="UTF-8" ?>
<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
          xmlns:oxf="http://www.orbeon.com/oxf/processors">
    <p:processor name="oxf:request"
                 xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:input name="config">
            <config>
                <include>/request/request-path</include>
            </config>
        </p:input>
        <p:output name="data" id="request" />
    </p:processor>
    <p:choose href="#request">
        <p:when test="not(starts-with(/request/request-path,'/login'))">
            <p:processor name="oxf:scope-generator">
                <p:input name="config">
                    <config>
                        <key>session_data</key>
                        <scope>session</scope>
                        <session-scope>application</session-scope>
                    </config>
                </p:input>
                <p:output name="data" id="session_data" />
            </p:processor>
            <p:choose href="#session_data">
                <p:when test="/user/@id!=''"></p:when>
                <p:otherwise>
                    <p:processor name="oxf:redirect">
                        <p:input name="data">
                            <redirect-url>
                                <path-info>/login</path-info>
                            </redirect-url>
                        </p:input>
                    </p:processor>
                </p:otherwise>
            </p:choose>
        </p:when>
    </p:choose>
    <p:processor name="oxf:page-flow">
        <p:input name="controller" href="page-flow.xml"/>
    </p:processor>
</p:config>

Don't know if it's a good practice, but it works. It even does not
process any pages, if session data is incorrect, and redirects user to
login screen.


Jurgis



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

Re: Global Variable

StephR
Hi Jurģis,

Jurģis Lukss-2 wrote:
> <config>
>     <include>/request/request-path</include>
> </config>

What is the use of this include?

Jurģis Lukss-2 wrote:
> <p:when test="not(starts-with(/request/request-path,'/login'))">

What does this line do?

Thanks for the help

Re: Global Variable

Jurģis Lukss-2
request-path is retrieved from HTTP headers, to check if user is entering login screen. If he is, then I don't have to check if user is logged in, because he most probably is not. Without this check, my server would go into infinite loop: check if logged in -> no -> redirect to /login -> check if logged in -> no -> redirect... and so on. Because every request for a page is run through this page-flow.xpl. That's just a little hack, it most probably can be solved differently, but for now it works for me.

Now, thinking about it more.. I could actually use different page-flow.xpl's for /login and for rest of the page. Then I would be able to get rid of this check :) Thanks for the idea!


Re: Global Variable

StephR
In every file (*.xpl files) I check if the user is authenticated or not.


    <p:processor name="oxf:scope-generator" xmlns:p="http://www.orbeon.com/oxf/pipeline"> 
        <p:input name="config">
            <config>
                <key>authentification</key>
                <scope>session</scope>
            </config>
        </p:input>
        <p:output name="data" id="auth"/> 
    </p:processor>

    <p:choose href="#auth" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:when test="//cgcuser/authenticated='false'">
            <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline"> 
                <p:input name="data"> 
                    <redirect-url> 
                        <path-info>/</path-info> 
                    </redirect-url> 
                </p:input>     
            </p:processor>
        </p:when>
    </p:choose>
   
   
    <p:processor name="oxf:xslt" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:input name="data" href="#auth"/> <!-- the line shown in bold in the original post -->
        <p:input name="config">
            <datasource xsl:version="2.0">
                <driver-class-name>org.exist.xmldb.DatabaseImpl</driver-class-name>
                <uri>xmldb:exist:///</uri>
                <username><xsl:value-of select="//cgcuser/form/username"/></username>
                <password><xsl:value-of select="//cgcuser/form/password"/></password>
            </datasource>
        </p:input> 
        <p:output name="data" id="datasource"/> 
    </p:processor>

[...]

What you are proposing, is to create a new file, page-flow.xsl and insert the data you put on the website. In this case, I should be able to remove
the two first paragraphs above. It crashes because the line in bold doesn't know what "#auth" refers to!

Do I have to configure somewhere that page-flow.xsl is first to be executed .. .and then page-flow.xml ?

Thank you very much for your help

Steph

Re: Global Variable

StephR
In reply to this post by Jurģis Lukss-2
While not really having a clue of what I'm doing (are there any documents about this??), I changed the reference page-flow.xml to page-flow.xpl in the web.xml file.

Now I have the following message error :

"
Error Probably namespace URI of tag "config" is wrong (correct one is "http://www.orbeon.com/oxf/controller")(schema: http://www.orbeon.com/oxf/controller)
"

Here are the lines that are concerned :

<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
                  xmlns:oxf="http://www.orbeon.com/oxf/processors">

What's wrong ??? :(

Re: Global Variable

Jurģis Lukss-2
Well, it seems that Orbeon still expects page-flow.xpl to be page-flow
controller config file, but in this case it is of XPL type. Don't know
exactly how you have done it, but it usually works for me. I usually
make separate page-flow.xml to control my application's page-flow and a
page-flow.xpl. Page-flow.xpl is called first and it checks user's
authentication. If user is not authenticated, it redirects him to login
page, else (is authenticated) it calls "page-flow controller processor"
and lets controller choose which page to display using configuration
from my page-flow.xml file.

So, there is root page-flow.xml in Orbeon's resources folder. I usually
add additional line to it - <page path-info="/my-app.*"
matcher="oxf:perl5-matcher" model="/my-app/page-flow.xpl" />. It forces
Orbeon to forward all calls for /my-app URL to my page-flow XPL file. My
XPL file checks authentication and redirects user to /my-app/login or
calls page-flow controller passing my-app/page-flow.xml as its
configuration file. So no page can be opened without passing
authentication check (even /login page, so watch out!).

I could not find documentation on oxf:page-flow processor. There is some
info on authentication -
http://www.orbeon.com/ops/doc/reference-authentication , I have never
tried that method, but it has to be the "official" way of checking
authentication (don't know how to tie it with DB, though). And there is
a file /resources/config/prologue-portlet.xpl in Orbeon folder that uses
oxf:page-flow controller, but I'm not sure what it is for.

Jurgis


Re: Global Variable

StephR
Hi Jurgis,

Thanks for your time.
> So, there is root page-flow.xml in Orbeon's resources folder. I usually add additional line to it - <page path-info="/my-app.*" matcher="oxf:perl5-matcher" model="/my-app/page-flow.xpl" />. It forces Orbeon to forward all calls for /my-app URL to my page-flow XPL file. My XPL file checks authentication and redirects user to /my-app/login or calls page-flow controller passing my-app/page-flow.xml as its configuration file. So no page can be opened without passing authentication check (even /login page, so watch out!).

I'm still not clear on all this. I understood the idea behind it... which seems pretty easy and straightforward, but just can't figure out how to implement this in my project.

So I added the line


<page path-info="/.*" matcher="oxf:perl5-matcher" model="/page-flow.xpl" />

in my page-flow.xml. The page-flow.xpl is as attached (as you showed, I just changed a few names). First thing that bothers me, if page-flow.xml redirects to page-flow.xpl, and page-flow.xpl redirects to page-flow.xml... isn't there an infinite loop? If I uncomment that line, it works, with it, I have a
java.lang.StackOverflowError.

Do you have any suggestion ?


Steph



<!--
    Copyright (C) 2006 Orbeon, Inc.

    This program is free software; you can redistribute it and/or modify it under the terms of the
    GNU Lesser General Public License as published by the Free Software Foundation; either version
    2.1 of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
    without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
    See the GNU Lesser General Public License for more details.

    The full text of the license is available at http://www.gnu.org/copyleft/lesser.html
-->



<config xmlns="http://www.orbeon.com/oxf/controller" xmlns:xu="http://www.xmldb.org/xupdate" xmlns:oxf="http://www.orbeon.com/oxf/processors">

        <!-- Files to serve directly -->
        <files path-info="*.gif"/>
        <files path-info="*.css"/>
        <files path-info="*.pdf"/>
        <files path-info="*.js"/>
        <files path-info="*.png"/>
        <files path-info="*.jpg"/>
        <files path-info="*.xsd"/>
        <files path-info="*.xml" mime-type="application/xml"/>
        <files path-info="*.html" mime-type="text/html"/>
        <files path-info="*.htm" mime-type="text/html"/>
        <files path-info="*.java" mime-type="text/plain"/>
        <files path-info="*.txt" mime-type="text/plain"/>
        <files path-info="*.xq" mime-type="text/plain"/>
       
        <page path-info="/.*" matcher="oxf:perl5-matcher" model="/page-flow.xpl" />
       
        <!-- ******************************************************
        *************************** Login *************************
        *********************************************************** -->
        <page id="login" path-info="/" xforms="/is/login/login-xforms-model.xml" view="/is/login/login-view.xsl">
                <action when="/form/action='enter' and /form/username!='admin'" action="/is/login/login-model.xpl">
                        <result id="success" page="home_page"/>
                </action>
        </page>
               
        <!-- ******************************************************
        ************************** Logout *************************
        *********************************************************** -->
        <page id="logout" path-info="/is/logout" model="/is/logout/logout-model.xpl"/>
       
       
        <!-- ******************************************************
        *********************** Projects Users*********************
        *********************************************************** -->
        <page id="home_page" path-info="/is/" model="/is/projectsUsers/projectsUsers-model.xpl" view="/is/projectsUsers/projectsUsers-view.xsl"/>
       
        <epilogue url="/config/epilogue.xpl"/>

</config>

<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline" xmlns:oxf="http://www.orbeon.com/oxf/processors">
        <p:processor name="oxf:request" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                <p:input name="config">
                        <config>
                                <include>/request/request-path</include>
                        </config>
                </p:input>
                <p:output name="data" id="request" />
        </p:processor>
        <p:choose href="#request">
                <p:when test="not(starts-with(/request/request-path,'/'))">
                        <p:processor name="oxf:scope-generator">
                                <p:input name="config">
                                        <config>
                                                <key>session_data</key>
                                                <scope>session</scope>
                                                <session-scope>application</session-scope>
                                        </config>
                                </p:input>
                                <p:output name="data" id="auth" />
                        </p:processor>
                        <p:choose href="#auth">
                                <p:when test="//cgcuser/authenticated='false'"></p:when>
                                <p:otherwise>
                                        <p:processor name="oxf:redirect">
                                                <p:input name="data">
                                                        <redirect-url>
                                                                <path-info>/</path-info>
                                                        </redirect-url>
                                                </p:input>
                                        </p:processor>
                                </p:otherwise>
                        </p:choose>
                </p:when>
        </p:choose>
        <p:processor name="oxf:page-flow">
                <p:input name="controller" href="page-flow.xml"/>
        </p:processor>
</p:config>


Re: Autenthification

StephR
In reply to this post by StephR
Thanks to Jurgis, I have finally done something that works ;). I would appreciate your comments, and if you think it's a good idea what I'm doing (I would like to have the nicest solution).

Goal: user must authenticate. If they try to access a page with authentication, they are redirected to login page. Once authenticated, at each request, I will check to see if they are always authenticated. On some pages, a request is made to the database using the information stored in the session.

I have omitted what I believe is unnecessary.

page-flow.xml at root :

<config xmlns="http://www.orbeon.com/oxf/controller" xmlns:xu="http://www.xmldb.org/xupdate" xmlns:oxf="http://www.orbeon.com/oxf/processors">

       
        <files path-info="*.gif"/>
        [...]
       
       
        <page path-info="/is/.*" id="home_page" matcher="oxf:perl5-matcher" model="/page-flow.xpl" />
       
 
        <page id="login" path-info="/" xforms="/is/login/xforms-model.xml" view="/is/login/view.xsl">
    <action when="/form/action='enter' and /form/username!='admin'" action="/is/login/model.xpl">
                        <result id="success" page="homeCoordinator"/>
                </action>
        </page>

  <page id="homeCoordinator" path-info="/is" model="/is/projectsUsers/projectsUsers-model.xpl" view="/is/projectsUsers/projectsUsers-view.xsl"/>
 
       
        <page id="not-found" path-info="/not-found" view="/config/not-found.xml"/>
        <epilogue url="/config/epilogue.xpl"/>
        <not-found-handler page="not-found"/>
</config>

page-flow.xpl

<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline" xmlns:oxf="http://www.orbeon.com/oxf/processors">
               
       
        <p:processor name="oxf:scope-generator" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                <p:input name="config">
                        <config>
                                <key>authentification</key>
                                <scope>session</scope>
                                <session-scope>application</session-scope>
                        </config>
                </p:input>
                <p:output name="data" id="auth"/>
        </p:processor>

        <p:choose href="#auth" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                <p:when test="not(//cgcuser/authenticated='true')">
                        <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                                <p:input name="data">
                                        <redirect-url>
                                                <path-info>/</path-info>
                                        </redirect-url>
                                </p:input>
                        </p:processor>
                </p:when>
        </p:choose>
       
        <p:processor name="oxf:page-flow">
                <p:input name="controller" href="/is/page-flow.xml"/>
        </p:processor>
</p:config> 

In is folder, I have :

page-flow.xml

<config xmlns="http://www.orbeon.com/oxf/controller" xmlns:xu="http://www.xmldb.org/xupdate" xmlns:oxf="http://www.orbeon.com/oxf/processors">

 
        <files path-info="*.gif"/>
        [...]
       
        <page id="homeCoordinator" path-info="/is" model="/is/projectsUsers/projectsUsers-model.xpl" view="/is/projectsUsers/projectsUsers-view.xsl"/>
               
       
        <page id="not-found" path-info="/not-found" view="/config/not-found.xml"/>
        <epilogue url="/config/epilogue.xpl"/>
        <not-found-handler page="not-found"/>

</config>

That's all :)!

Now, for an example, and this is where I am not really sure this is the best way :

In projectsUsers-model.xpl :

I recuperate the information from the session :

        <p:processor name="oxf:scope-generator" xmlns:p="http://www.orbeon.com/oxf/pipeline"> 
                <p:input name="config">
                        <config>
                                <key>authentification</key>
                                <scope>session</scope>
                                <session-scope>application</session-scope>
                        </config>
                </p:input> 
                <p:output name="data" id="auth"/> 
        </p:processor>

       
        <p:processor name="oxf:xslt" xmlns:p="http://www.orbeon.com/oxf/pipeline">
                <p:input name="data" href="#auth"/>
                <p:input name="config">
                        <datasource xsl:version="2.0">
                                <driver-class-name>org.exist.xmldb.DatabaseImpl</driver-class-name>
                                <uri>xmldb:exist:///</uri>
                                <username><xsl:value-of select="//cgcuser/form/username"/></username>
                                <password><xsl:value-of select="//cgcuser/form/password"/></password>
                        </datasource>
                </p:input> 
                <p:output name="data" id="datasource"/> 
        </p:processor>

What do you think? Is there a way to not fetch twice the information from the session (one is for the authentication, the second for the information for the database queries)?

Thank you for your help!

Re: Autenthification

Alessandro Vernet
Administrator
Stephane,

StephR wrote:
> Thanks to Jurgis, I have finally done something that works ;). I would appreciate your comments, and if you think it's a good idea what I'm doing (I would like to have the nicest solution).
> [...]

This is fine. But instead of having a first page flow, then an XPL, and then the second "real" page flow, you can skip the first page flow, and have the requests handled directly by an XPL. In your web.xml you would have:

<init-param>
    <param-name>oxf.main-processor.name</param-name>
    <param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
</init-param>
<init-param>
    <param-name>oxf.main-processor.input.config</param-name>
    <param-value>oxf:/authentication/incoming-request.xpl</param-value>
</init-param>

Then in incoming-request.xpl you:

* Either call oxf:page-flow if the user is authenticated or is accessing the login page or a static resource.
* Or call oxf:redirect to send the user to the login page.

StephR wrote:
> What do you think ? Is there a way to not fetch twice the information from the session (one is for the authentification, the second for the information for the database queries) ?

I wouldn't worry about fetching the information twice from the session. This is just a memory lookup so it shouldn't have a significant impact on performance.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/
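
One way to write the incoming-request.xpl described above, as an added example (not code from Alessandro, StephR or the Orbeon distribution). It reuses the session key `authentification`, the `//cgcuser/authenticated` element, the login path `/` and the `oxf:/page-flow.xml` controller from the posts in this thread; the `/static/` prefix for static resources is an assumption. Each request takes exactly one branch, and the authentication test is positive, so a missing or empty session document ends in the redirect.

```xml
<!-- incoming-request.xpl (added example): main pipeline run for every request -->
<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline"
          xmlns:oxf="http://www.orbeon.com/oxf/processors">

    <!-- Extract the path of the incoming request -->
    <p:processor name="oxf:request">
        <p:input name="config">
            <config>
                <include>/request/request-path</include>
            </config>
        </p:input>
        <p:output name="data" id="request"/>
    </p:processor>

    <p:choose href="#request">
        <!-- Exempt paths: the login page (exact match on "/", not a prefix
             match) and static files. The /static/ prefix is an assumption
             of this example. Exempting the login page is what prevents the
             redirect loop discussed earlier in the thread. -->
        <p:when test="/request/request-path = '/' or starts-with(/request/request-path, '/static/')">
            <p:processor name="oxf:page-flow">
                <p:input name="controller" href="oxf:/page-flow.xml"/>
            </p:processor>
        </p:when>
        <p:otherwise>
            <!-- Every other path needs the authentication document
                 stored in the session -->
            <p:processor name="oxf:scope-generator">
                <p:input name="config">
                    <config>
                        <key>authentification</key>
                        <scope>session</scope>
                        <session-scope>application</session-scope>
                    </config>
                </p:input>
                <p:output name="data" id="auth"/>
            </p:processor>
            <p:choose href="#auth">
                <!-- Positive test: only an explicit 'true' reaches the page
                     flow. A test on ='false' would let a request through
                     when the session holds no cgcuser element at all. -->
                <p:when test="//cgcuser/authenticated = 'true'">
                    <p:processor name="oxf:page-flow">
                        <p:input name="controller" href="oxf:/page-flow.xml"/>
                    </p:processor>
                </p:when>
                <p:otherwise>
                    <!-- Not authenticated: send the user to the login page -->
                    <p:processor name="oxf:redirect">
                        <p:input name="data">
                            <redirect-url>
                                <path-info>/</path-info>
                            </redirect-url>
                        </p:input>
                    </p:processor>
                </p:otherwise>
            </p:choose>
        </p:otherwise>
    </p:choose>
</p:config>
```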

Re: Autenthification

StephR
I thought this was possible... I even posted about this, but my modification would just crash the whole thing :)!

I'm going to try this tomorrow... this is exactly what I was hoping! Thanks for the information!

Steph


Re: Autenthification

Alessandro Vernet
Administrator
On 10/15/07, Stephane Ruchet <[hidden email]> wrote:
>  I thought this was possible... I even posted about this, but my
> modification would just crash the whole thing :)!

Yes, it is definitely possible :), and we have done this in some of
the applications we built. Of course, if you can, it is simpler to use
servlet authentication which will be implemented by your servlet
container or application server.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



Re: Autenthification

StephR
In reply to this post by StephR
As I mentioned before, I have a system that works: a first page-flow.xml either redirects to the login page or to an xpl processor. The xpl processor will check if the user is authenticated, and if so, will redirect to a "second" real page-flow. If not, the user is redirected to the login page.

Now, Alex proposed a better solution : modify the web.xml so that it is not the page-flow that is called first, but the xpl processor.

So, in the web.xml, we have these lines :

        <init-param>
            <param-name>oxf.main-processor.input.controller</param-name>
            <param-value>oxf:/page-flow.xml</param-value>
        </init-param>

I believe that I have to modify this. If I remove all of it, I will have an error that the controller is not found. If I replace page-flow.xml with incoming-request.xpl, I will have another error. What do I have to modify in web.xml so that an xpl processor is called... and no page-flow?

Re: Autenthification

Erik Bruchez
Administrator
You have to use a different processor name in this other parameter:

<init-param>
<param-name>oxf.main-processor.name</param-name>
<param-value>{http://www.orbeon.com/oxf/processors}pipeline</param-value>
</init-param>

This way, the processor will be the oxf:pipeline processor, and not the
oxf:controller processor.

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

Re: Authentification

StephR
Okay, got it!

Now, hopefully last question on this ;). My login page is made of a model and a view... so can I redirect to it, or would I have to create another login page that doesn't separate both? Because now it doesn't go through the page-flow anymore, I cannot just redirect it to anything I want.

<p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline">
    <p:input name="data">
        <redirect-url>
            <path-info>The redirection can only work on a link that really exists ? (because I don't go through the page-flow anymore)</path-info>
        </redirect-url>
    </p:input>
</p:processor>


I checked the little information on the oxf:redirect processor... I couldn't find anything about it.

Thanks
 



Re: Authentification

Alessandro Vernet
Administrator
Stephane,

On 10/24/07, StephR <[hidden email]> wrote:

> Now, hopefully last question on this ;). My login page is made of a model
> and a view... so can I redirect it to it or would I have to create another
> login page that doesn't separate both? Because like now it doesn't go
> through the page-flow anymore, I cannot just redirect it to anything I want.
>
> <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline">
>     <p:input name="data">
>         <redirect-url>
>             <path-info>The redirection can only work on a link that really exists ? (because I don't go through the page-flow anymore)</path-info>
>         </redirect-url>
>     </p:input>
> </p:processor>
>
>
> I checked the little information on the oxf:redirect processor... I couldn't
> find anything about it.
In the XPL that checks if you are authenticated (the XPL that you run
from the web.xml), you would make an exception for the login page. If
someone is requesting the login page, then you run the page flow
directly. Then in the page flow you handle the login page just like
any other page, which means you can have a model and a view for that
page.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



Re: Authentification

StephR
It's driving me nuts :)!

Web.xml has been configured to launch first authentification/incoming-request.xpl.

Here is my incoming-request.xpl:

<p:config xmlns:p="http://www.orbeon.com/oxf/pipeline" xmlns:oxf="http://www.orbeon.com/oxf/processors">

    <!-- First determine what is the requested path -->
    <p:processor name="oxf:request">
        <p:input name="config">
            <config>
                <include>/request/request-path</include>
            </config>
        </p:input>
        <p:output name="data" id="request" />
    </p:processor>

    <!-- If the user is asking anything else than the login page, we have to check if he is authenticated -->
    <p:choose href="#request">
        <p:when test="not(starts-with(/request/request-path,'/login'))">
            <p:processor name="oxf:scope-generator">
                <p:input name="config">
                    <config>
                        <key>authentification</key>
                        <scope>session</scope>
                        <session-scope>application</session-scope>
                    </config>
                </p:input>
                <p:output name="data" id="auth" />
            </p:processor>
            <p:choose href="#auth">
                <p:when test="not(//cgcuser/authenticated='true')">
                    <!-- User is not authenticated, redirect him to login page -->
                    <p:processor name="oxf:redirect">
                        <p:input name="data">
                            <redirect-url>
                                <!-- This processor will be called again after redirection and the page-flow will be executed -->
                                <path-info>/login</path-info>
                            </redirect-url>
                        </p:input>
                    </p:processor>
                </p:when>
            </p:choose>
        </p:when>
    </p:choose>

    <!-- If we get to here, user is authenticated, so just give the page-flow controller the control of the request -->
    <p:processor name="oxf:page-flow">
        <p:input name="controller" href="../page-flow.xml"/>
    </p:processor>
</p:config>

At the first launch, whatever the user puts in, he is redirected to the login.

My login processor:

    <!-- Input: XForms instance -> username and password of the user-->
    <p:param type="input" name="instance"/>
    
    <!-- Authenticate user using an eXist extension function -->
    <p:processor name="oxf:xslt">
        <p:input name="data" href="#instance"/>
        <p:input name="config">
            <xdb:query collection="/db/" xsl:version="2.0" xmlns:xmldb="http://exist-db.org/xquery/xmldb">
                xquery version "1.0";
                <authenticated>
                    {xmldb:authenticate(concat('<xsl:value-of select="doc('../datasource.xml')/*/uri"/>', '/db/'),
                                        '<xsl:value-of select="/form/username"/>',
                                        '<xsl:value-of select="/form/password"/>')}
                </authenticated>
            </xdb:query>
        </p:input>
        <p:output name="data" id="xmldb-query"/>
    </p:processor>

    <!-- execute the query -->
    <p:processor name="oxf:xmldb-query">
        <p:input name="datasource" href="../datasource.xml"/>
        <p:input name="query" href="#xmldb-query"/>
        <p:output name="data" id="query-resp"/>
    </p:processor>
       
    <p:choose href="#query-resp" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <!-- if the user has not been correctly authenticated, we will redirect him to the login page -->
        <p:when test="//authenticated='false'">
            <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline">  
                <p:input name="data">  
                    <redirect-url>  
                        <path-info>/login</path-info>  
                    </redirect-url>  
                </p:input>      
            </p:processor>
        </p:when>
    </p:choose>
    
    <!-- if the user has been authenticated, we will generate dynamically the datasource for querying the database -->
    <p:processor name="oxf:xslt" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:input name="data" href="#instance"/>
        <p:input name="config">
            <datasource xsl:version="2.0">
                <driver-class-name>org.exist.xmldb.DatabaseImpl</driver-class-name>
                <uri>xmldb:exist:///</uri>
                <username><xsl:value-of select="/form/username"/></username>
                <password><xsl:value-of select="/form/password"/></password>
            </datasource>
        </p:input>  
        <p:output name="data" id="datasource"/>  
    </p:processor>
    
    <!-- create get person uid query (from users.xml collection) -->
    <p:processor name="oxf:xslt" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:input name="data" href="#instance"/>
        <p:input name="config">
            <xdb:query collection="/db/system" xsl:version="2.0">
                <uid>
                    {for $user in /auth/users/user
                     where $user/@name = '<xsl:value-of select="/form/username"/>'
                     return $user/@uid}
                </uid>
            </xdb:query>
        </p:input>
        <p:output name="data" id="get_uid"/>
    </p:processor>
    
    <!-- The query will return the uid of the user that we have created -->
    <p:processor name="oxf:xmldb-query">
        <p:input name="datasource" href="#datasource"/>
        <p:input name="query" href="#get_uid"/>
        <p:output name="user_uid" id="user_uid"/>
    </p:processor>
    
    <!-- insert the user uid in the instance  -->
    <p:processor name="oxf:xupdate" xmlns:p="http://www.orbeon.com/oxf/pipeline">
        <p:input name="data" href="#instance"/>
        <p:input name="user" href="#user_uid"/>
        <p:input name="config">
            <xu:modifications  xmlns:xu="http://www.xmldb.org/xupdate">
                <xu:update select="/form/uid">
                    <xu:value-of select="doc('#user')/uid/@uid"/>
                </xu:update>
            </xu:modifications>
        </p:input>
        <p:output name="data" id="new_instance"/>
    </p:processor>
    
    <!-- Save the result of the authentification query on the session scope -->
    <p:processor name="oxf:scope-serializer" xmlns:p="http://www.orbeon.com/oxf/pipeline">  
        <p:input name="data" href="aggregate('cgcuser', #query-resp, #new_instance)"/>
        <p:input name="config">
            <config>
                <key>authentification</key>
                <scope>session</scope>
                <session-scope>application</session-scope>
            </config>
        </p:input>  
    </p:processor>

 </p:config>

My logout processor:

    <!-- Save the result of the authentification query on the session scope -->
    <p:processor name="oxf:scope-serializer" xmlns:p="http://www.orbeon.com/oxf/pipeline">  
        <p:input name="data">
            <cgcuser><authenticated>false</authenticated></cgcuser>
        </p:input>
        <p:input name="config">
            <config>
                <key>authentification</key>
                <scope>session</scope>
                <session-scope>application</session-scope>
            </config>
        </p:input>  
    </p:processor>   
    
    <p:processor name="oxf:redirect" xmlns:p="http://www.orbeon.com/oxf/pipeline">  
        <p:input name="data">  
            <redirect-url>  
                <path-info>/</path-info>  
            </redirect-url>  
        </p:input>      
    </p:processor>

Here is finally my page-flow:

    <page id="login" path-info="/login" xforms="/is/login/login-xforms-model.xml" view="/is/login/login-view.xsl">
        <action when="/form/action='enter' and /form/username!='admin'" action="/is/login/login-model.xpl">
            <result id="success" page="homeCoordinator"/>
        </action>
    </page>

    <page id="logout" path-info="/is/logout" model="/is/logout/logout-model.xpl"/>

    <page id="homeCoordinator" path-info="/is/" model="/is/projectsUsers/projectsUsers-model.xpl" view="/is/projectsUsers/projectsUsers-view.xsl"/>

Now I have a strange behaviour: at first the login page comes up and I enter my data. OK, that works, I arrive on my homeCoordinator page. Now if I log out, I'm sent back to the login page, that's OK also! But now if I try to enter a link without being authenticated (but after one authentification and a logout), Firefox tells me this:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
    * This problem can sometimes be caused by disabling or refusing to accept cookies.

To say this another way: if I test a page without being authenticated, I'm redirected to the login page normally. But if I first get authenticated... then log out and then try a page again, then I get the error written above! If I delete the cache of Firefox, everything works again. Any idea? :(








Re: Authentification

Alessandro Vernet
Administrator
On 10/25/07, Stephane Ruchet <[hidden email]> wrote:
>  In the XPL that checks if you are authenticated (the XPL that you run
> from the web.xml), you would make an exception for the login page. If
> someone is requesting the login page, then you run the page flow
> directly. Then in the page flow you handle the login page just like
> any other page, which means you can have a model and a view for that
> page.

Again, tcpmon can help you here. Try putting a tcpmon between Firefox
and Tomcat. At the very end, when you go to a page that requires
authentication, check what Tomcat is responding. It should respond
with a redirect to the login page. Maybe that request to the login
page is answered with a redirect, which causes a loop.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



Re: Authentication

StephR
Nice utility!

Okay so it's completely screwed :)! There is redirection everywhere... and even to just show the login page, there are several calls!

I believe I know why:

Could it be possible that it's because files like *.css, *.xml, etc... also go through my authentification processor and then are redirected to the login page (which of course is not the goal here)? In page flow, we add these lines (<files path-info="*.gif"/>, ...) for the files to be served directly. What do you think? I would have to add checks in my processor, no? Is all this really a good idea finally?

Steph




Re: Authentication

Erik Bruchez
Administrator
Stephane Ruchet wrote:

> Nice utility!
>
> Okay so it's completely screwed :)! There is redirection everywhere...
> and even to just show the login page, there are several calls!
>
> I believe I know why:
>
> Could it be possible that it's because files like *.css, *.xml, etc...
> also go through my authentification processor and then are redirected to
> the login page (which of course is not the goal here)? In page flow, we
> add these lines (<files path-info="*.gif"/>, ...) for the files to be
> served directly. What do you think? I would have to add checks in my
> processor, no? Is all this really a good idea finally?
A request will hit the page flow *after* it has gone through the
servlet's security. So if a path to an image, say, is a resource that
you protected in your web.xml, it will be redirected/rejected by the
servlet container (e.g. Tomcat) before it even reaches Orbeon Forms and
the page flow.

I would try using an absolute path in web.xml to protect just a single
page, and then try to hit that page and see what happens.

-Erik

--
Orbeon Forms - Web Forms for the Enterprise Done the Right Way
http://www.orbeon.com/
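
The session gate discussed in this thread, modelled in Python as an added example (not code from the thread or from Orbeon): it follows redirects the way a browser does, showing why the login page needs its exception and where a login page's stylesheet ends up when static files also pass through the check. The session dictionary layout, the asset path `/is/login/style.css` and the suffix list are assumptions made for the model.

```python
# Added example: a constructed model of the session gate, not Orbeon code.
import posixpath
from urllib.parse import urlsplit

LOGIN = "/login"
# Assumed suffix list. *.xml is left out on purpose: XML files may carry data.
STATIC_SUFFIXES = (".css", ".js", ".gif", ".png")


def is_authenticated(session):
    # Fail closed, like not(//cgcuser/authenticated='true'): a missing or
    # malformed session entry counts as unauthenticated.
    user = session.get("authentification")
    return isinstance(user, dict) and user.get("authenticated") == "true"


def gate_without_login_exception(path, session):
    """Every request needs a session, the login page included."""
    if is_authenticated(session):
        return "pass", path
    return "redirect", LOGIN


def gate_as_posted(path, session):
    """The posted test: paths starting with /login skip the session check."""
    if path.startswith(LOGIN) or is_authenticated(session):
        return "pass", path
    return "redirect", LOGIN


def gate_with_static_exemption(path, session):
    """Exact-match login page plus a suffix allowlist for static files."""
    # Match on the path the container will route: no query string, no
    # ";param" segment, no "." or ".." components.
    clean = posixpath.normpath(urlsplit(path).path.split(";")[0])
    if clean == LOGIN or clean.endswith(STATIC_SUFFIXES):
        return "pass", path
    if is_authenticated(session):
        return "pass", path
    return "redirect", LOGIN


def follow(gate, path, session, max_hops=5):
    """Follow redirects as a browser would: (final_path, visited, looped)."""
    visited = []
    while len(visited) < max_hops:
        visited.append(path)
        decision, target = gate(path, session)
        if decision == "pass":
            return target, visited, False
        if target in visited:
            return target, visited, True  # sent back to a URL already tried
        path = target
    return path, visited, True


def load_page(gate, page, assets, session):
    """Where each request made while rendering `page` ends up."""
    return {url: follow(gate, url, session)[0] for url in [page, *assets]}


if __name__ == "__main__":
    anonymous = {}  # constructed session: nothing stored under the key yet
    css = "/is/login/style.css"  # constructed asset path
    print(follow(gate_without_login_exception, "/is/", anonymous))
    print(load_page(gate_as_posted, LOGIN, [css], anonymous))
    print(load_page(gate_with_static_exemption, LOGIN, [css], anonymous))
```

In the posted pipeline the corresponding change would be an extra condition in the first `p:when` test, next to the `/login` exemption.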


