From: Dmitriy S. <sha...@gm...> - 2011-02-20 06:06:53
|
Can you use servlet authentication mechanize? It simper and it do not require any additional code. Here authentication form (eXist's including LDAP and others and openid): http://exist.svn.sourceforge.net/viewvc/exist/trunk/eXist/webapp/administration/login.xql?revision=13358&view=markup and controller have only 'logout' event handling http://exist.svn.sourceforge.net/viewvc/exist/trunk/eXist/webapp/administration/controller.xql?revision=11251&view=markup and by "if (not (xmldb:is-authenticated())) then" can see is it was authenticated or not. On Sun, Feb 20, 2011 at 6:07 AM, Efraim Feinstein < efr...@gm...> wrote: > Hi, > > If I use xmldb:login() in a controller.xql, then forward to a url within > the database, what user am I forwarding as: guest or the user that just > logged in? > > What I would have expected in the attached (minimal) example is: > If protected.xml has 700 permissions to a given user, and the correct user > and password parameters were given, it should be able to be read and return > its contents, otherwise, I should get error 403. The actual result is a 403 > under all conditions. > > If protected.xql is run, and user and password parameters are given, the > user given in user should be returned, otherwise it should return "guest". > This returns the logged in user as expected. > > I tried it under eXist 1.5 r13789. > -- Dmitriy Shabanov |