Thread: config.cfm authorization settings being ignored
Created on: 06/28/12 09:27 AM
| New topic Reply | Page: 1 |
| Replies: 8 | |
| gklandes
|
06/28/12 9:27 AM I use Mango for an organization blog and was going to set up a 2nd blog when I ran into this problem. The 2nd blog will not recognize my update to the authorization routine. 2 two blogs are completely separate files and databases but reside on the same server. The path to one is "/blog1" and the other "/department/name/blog2". The problem seems to occur during application start when Mango is instantiated. When "init" runs in "Mango.cfc", l.32 sets "settings" and properly assigns the values in my config.cfm. But, those values are overwritten in l.46 with values from the database. Does anyone have any idea why the config file would be overriden? |
| Link | Top | Bottom | |
| Laura
Wizard |
06/28/12 7:45 PM The config would not get overridden if the app names are different and all other paths are different. It might help if you post your config (sanitized as needed). |
| Link | Top | Bottom | |
| gklandes
|
07/16/12 1:29 PM OK, Here is the config file: <cfsilent>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE preferences SYSTEM "http://java.sun.com/dtd/preferences.dtd"> <preferences EXTERNAL_XML_VERSION="1.0"> <root type="system"> <map/> <node name="generalSettings"> <map/> <node name="dataSource"> <map> <entry key="name" value="techblog"/> <entry key="type" value="mssql_2005"/> <entry key="username" value=""/> <entry key="password" value=""/> <entry key="tablePrefix" value=""/> </map> </node> </node> <node name="authorization"> <map> <entry key="methods" value="delegated,native"/> </map> <node name="settings"> <map> <entry key="component" value="district.technology.blog.components.AuthLDAP"/> </map> </node> </node> </root> </preferences> </cfsilent> |
| Link | Top | Bottom | |
| gklandes
|
07/16/12 3:05 PM If I comment out the OnError fxn in Application.cfc, I can dump "variables.settings.methods" in components/Authorizer.cfc ln34 ; the output is "native". This points to a problem in loading the settings. From there I looked into Mango.cfc to find where the config file was supposed to be read in. There is a script section starting around ln32. If I dump "preferences.exportSubtreeAsStruct('')" above the script section i get a struct where "authorization.methods" = "delegated,native" showing that the file was read properly. But in the script section, what follows is the creation of the "settingsManager" obj that loads the DB values and overwrites the value from the settings file. I have tried to manually update the value in the DB for the method but the component is not found. Any thoughts? |
| Link | Top | Bottom | |
| Laura
Wizard |
07/22/12 10:19 PM I will need to run this to be sure, but I think the issue seems to be that the <node name="authorization"> is not at the same level as <node name="dataSource"> as there are 2 closing nodes before the authorization starts. I'm pretty certain it needs to be at the same level (putting it inside the generalSettings parent node). So, something like this (haven't run this, could contain errors): <cfsilent>
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE preferences SYSTEM "http://java.sun.com/dtd/preferences.dtd"> <preferences EXTERNAL_XML_VERSION="1.0"> <root type="system"> <map/> <node name="generalSettings"> <map/> <node name="dataSource"> <map> <entry key="name" value="techblog"/> <entry key="type" value="mssql_2005"/> <entry key="username" value=""/> <entry key="password" value=""/> <entry key="tablePrefix" value=""/> </map> </node> <node name="authorization"> <map> <entry key="methods" value="delegated,native"/> </map> <node name="settings"> <map> <entry key="component" value="district.technology.blog.components.AuthLDAP"/> </map> </node> </node> </node> </root> </preferences> </cfsilent> |
| Link | Top | Bottom | |
| gklandes
|
07/23/12 8:51 AM I moved the "authorization" node inside the "generalSettings" node, but no luck. What about the path? My working install is in a folder at the root (ex: "/blog") while my broken install is much deeper (ex. "/path/to/blog"). Could that cause an issue in the Java Preferences object? |
| Link | Top | Bottom | |
| Laura
Wizard |
07/23/12 9:13 PM Did you reload the config after making the changes? Also, is the component: "district.technology.blog.components.AuthLDAP" accessible? Meaning you have the district folder at the root or have a mapping for district (or district/technology/blog/components)? |
| Link | Top | Bottom | |
| gklandes
|
07/31/12 6:56 AM I did reload and the component is accessible. To test the component and the path to it, I wrote a script to check AuthLDAP: <form method="post" enctype="multipart/form-data" action="testAuth.cfm"> <p>UN: <input name="un" /></p> <p>PW: <input type="password" name="pw" /></p> <p><input type="submit" name="go" value="go" /></p> </form> <hr /> <cfif structKeyExists(FORM,'go')> <cfset oAuth = createObject('component','district.technology.blog.components.AuthLDAP').init() /> <cfset cred = structNew() /> <cfset cred.username = FORM.un /> <cfset cred.password = FORM.pw /> <cfdump var="#oAuth.checkcredentials(cred)#" /> </cfif> This script takes my UN/PW and returns a struct per the requirements for what Mango requires. Specifically, I get the "credentials" struct back with "isauthorized" set to "true" and a "roleid" set to "administrator" along with "email", "name" and "password." |
| Link | Top | Bottom | |
| Laura
Wizard |
08/16/12 9:22 PM I'm unable to tell what the problem is without debugging. I would recommend that you enable CF debugging and remove the cfdebugoutput tag in Application.cfc to see if anything fails and whether your component is called correctly. |
| Link | Top | Bottom | |
New Post