How to get username and Password out of the security-request!?

On 8/16/07, Marcus Ziegelmeier <[hidden email]> wrote:
> Hi Alex,
> after Hanks Mail i tried  separator="&amp;"  and that worked for me as well. So, the next question only seems to be, why i should use the application context for storing the username&password instead of the session context!? After my logout i destroy the session information, but will this also delete the information in the application context?
> Or am i getting something wrong about that?

Is it working with the session context? I thought that a new context
might be created by the container after the user logs in, but now that
I think more about it, I don't  think that the container should do
that. So you should be fine using the session context. Can you give
that a try?

> And another simple question may be: Will a processor inside a XPL be executed without any input, but if its output is used by another processor? When the user-information are stored in the context, i want to creat my "datasource.xml" dynamical, so i have to request them, otherwise i need the "datasource.xml" to be loaded. But this processor needs no input and gives me only the result as output. Right?

Sorry, I don't follow you on this one. If you have a processor A with
an output, connected to an input of a processor B, then A will run
when B reads that input.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hi Ales,
hope you remember this thread.
After some weeks of work, i finally have some time to go back on this and
hope to finish it soon.

Let me ask another question about the login-procedure.
At the moment all works fine with XForms. The only thing i was wondering
about is, that when someone enters false login-data (name/pass) it redirects
me to my login-page, but in the url now i can see my name and pass
unencrypted :-(

http://localhost:8085/kkbib/admin/j_security_check?j_username=kkbib&j_password=kkbib

Is there a way to turn that off or to hide those information?
For information:
My submission looks like:
--------------------------
   <xforms:submission id="login-submission"
    ref="instance('login-instance')" separator="&amp;"
    method="get" action="j_security_check" />

My instance:
-------------
   <xforms:instance id="login-instance">
    <login xmlns="">
     <j_username></j_username>
     <j_password></j_password>
    </login>
   </xforms:instance>

I needed to use the get-method to get things work together with my
security-authentication-filter.
Any ideas how to hide the login information on a false login?

Regards, Marcus




--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Marcus,

On 9/26/07, Marcus <[hidden email]> wrote: Are you running this submission with a replace="all" from XForms? If
this is the case, you can try to change optimize-get-all to false in
your properties.xml. So the query will go to /xforms-server and the
GET will be done on the server-side with a "forward" (server-side
redirect).

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws

Hi, Alex,
   I faced the same problem. When I changed optimize-get-all to false as you mentioned, I couldn't go to the page configured in page-flow.xml. I always get the following message whenever I login successfully or not:
"
Orbeon Forms - Page Not Found
We are sorry, but the resource you have requested is not available on this server.
"

Here is my submission:
----------------------
<xforms:submission id="login-submission" separator="&#38;" replace="all" ref="instance('login-request')" method="get" action="/j_security_check"/>

----------------------
Here is my page-flow.xml
----------------------
    <page path-info="/myapp/" model="login/login.xpl" view="ui/home.xhtml"/>
    <page path-info="/myapp/login" view="login/ui/login.xhtml"/> 
----------------------

   Thanks for your help!

   

Alessandro Vernet wrote

Marcus,

On 9/26/07, Marcus <StMarcus@gmx.net> wrote:
> Let me ask another question about the login-procedure.
> At the moment all works fine with XForms. The only thing i was wondering
> about is, that when someone enters false login-data (name/pass) it redirects
> me to my login-page, but in the url now i can see my name and pass
> unencrypted :-(
>
> http://localhost:8085/kkbib/admin/j_security_check?j_username=kkbib&j_password=kkbib
>
> Is there a way to turn that off or to hide those information?
> For information:
> My submission looks like:
> --------------------------
>    <xforms:submission id="login-submission"
>     ref="instance('login-instance')" separator="&"
>     method="get" action="j_security_check" />

Are you running this submission with a replace="all" from XForms? If
this is the case, you can try to change optimize-get-all to false in
your properties.xml. So the query will go to /xforms-server and the
GET will be done on the server-side with a "forward" (server-side
redirect).

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/



--
You receive this message as a subscriber of the ops-users@objectweb.org mailing list.
To unsubscribe: mailto:ops-users-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws


-----
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/

On Sun, Aug 17, 2008 at 7:32 PM, cheney zhao <[hidden email]> wrote:
>   I faced the same problem. When I changed optimize-get-all to false as you
> mentioned, I couldn't go to the page configured in page-flow.xml. I always
> get the following message whenever I login successfully or not:
> "
> Orbeon Forms - Page Not Found
> We are sorry, but the resource you have requested is not available on this
> server.
> "

Can you check the orbeon.log and see which page was requested? You
should see something like:

2008-08-19 11:09:16,403 INFO  ProcessorService  - /gaga - Received request

Where "/gaga" is the path to your page. You can see there if this is
the path that you expect. BTW, is there any reason you are using
XForms for the login page? You might want to use just a simple form
for this, since there is just a login/password field. See for instance
resources/apps/java-authentication/login.xhtml in orbeon.war.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
Orbeon's Blog: http://www.orbeon.com/blog/
Personal Blog: http://avernet.blogspot.com/
Twitter - http://twitter.com/avernet


--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws

Hi, Alex,
Thanks for your reply. I want to display some message in same login page, such as "Invalid Password", "Invalid User". Using XForms for the login page makes me easy to do so.
Here is the content in orbeon.log when I use wrong and correct username and password to login
---------------------------------------------
2008-08-20 10:11:53,573 INFO  ProcessorService  - /core/login
2008-08-20 10:12:02,526 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:12:02,557 INFO  ProcessorService  - /xforms-server - Timing: 31 - Cache hits for cache.main: 23, fault: 1, adds: 0, expirations: 0, success rate: 95%
2008-08-20 10:12:05,557 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:12:05,588 INFO  ProcessorService  - /xforms-server - Timing: 31 - Cache hits for cache.main: 24, fault: 1, adds: 0, expirations: 0, success rate: 96%
2008-08-20 10:12:05,604 INFO  ProcessorService  - /core/login - Received request
2008-08-20 10:12:05,745 INFO  ProcessorService  - /j_security_check - Received request
2008-08-20 10:12:05,791 INFO  ProcessorService  - /j_security_check -
2008-08-20 10:12:05,791 INFO  ProcessorService  - /core/login - Timing: 187 - Cache hits for cache.main: 62, fault: 23, adds: 24, expirations: 24, success rate: 72%
2008-08-20 10:13:55,557 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:13:55,604 INFO  ProcessorService  - /xforms-server - Timing: 47 - Cache hits for cache.main: 23, fault: 1, adds: 0, expirations: 0, success rate: 95%
2008-08-20 10:13:59,854 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:13:59,885 INFO  ProcessorService  - /xforms-server - Timing: 31 - Cache hits for cache.main: 23, fault: 1, adds: 0, expirations: 0, success rate: 95%
2008-08-20 10:14:00,635 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:14:00,651 INFO  ProcessorService  - /xforms-server - Timing: 16 - Cache hits for cache.main: 23, fault: 1, adds: 0, expirations: 0, success rate: 95%
2008-08-20 10:14:00,760 INFO  ProcessorService  - /xforms-server - Received request
2008-08-20 10:14:00,776 INFO  ProcessorService  - /xforms-server - Timing: 16 - Cache hits for cache.main: 24, fault: 1, adds: 0, expirations: 0, success rate: 96%
2008-08-20 10:14:00,823 INFO  ProcessorService  - /core/login - Received request
2008-08-20 10:14:00,838 INFO  ProcessorService  - /j_security_check - Received request
2008-08-20 10:14:00,870 INFO  ProcessorService  - /j_security_check - Timing: 32 - Cache hits for cache.main: 248, fault: 5, adds: 5, expirations: 2, success rate: 98%
2008-08-20 10:14:00,870 INFO  ProcessorService  - /core/login - Timing: 47 - Cache hits for cache.main: 65, fault: 7, adds: 7, expirations: 4, success rate: 90%
--------------------------------------------------
The path "/core/login" is right when using wrong username and password. But it displays "Page Not Found" in IE.
Any good ideas for my cases? Thank you!


Cheney



Can you check the orbeon.log and see which page was requested? You
should see something like:

2008-08-19 11:09:16,403 INFO  ProcessorService  - /gaga - Received request

Where "/gaga" is the path to your page. You can see there if this is
the path that you expect. BTW, is there any reason you are using
XForms for the login page? You might want to use just a simple form
for this, since there is just a login/password field. See for instance
resources/apps/java-authentication/login.xhtml in orbeon.war.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
Orbeon's Blog: http://www.orbeon.com/blog/
Personal Blog: http://avernet.blogspot.com/
Twitter - http://twitter.com/avernet


Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
http://www.orbeon.com/

On Tue, Aug 19, 2008 at 7:33 PM, cheney zhao <[hidden email]> wrote:
> The path "/core/login" is right when using wrong username and password. But
> it displays "Page Not Found" in IE.

And you are only getting this on IE? I.e. not on Firefox? If this is the
case, in general this is a symptom of a URL being used which is too long
for IE to handle. In general, using a POST instead of a GET is the solution.

Alex
--
Orbeon Forms - Web 2.0 Forms, open-source, for the Enterprise
Orbeon's Blog: http://www.orbeon.com/blog/
Personal Blog: http://avernet.blogspot.com/
Twitter - http://twitter.com/avernet



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws