This action is used to authenticate user by comparing several request
fields (username, password) with the values in a DBXML compliant database.
The description of the process is given via external xml description file
simiar to the one used for all actions derived from AbstractDatabaseAction.
The values specified via "request-param" describe the name of HTTP request
parameter, "element" indicates matching document node, "nullable" means
that request-param which is null or empty will not be included in the WHERE
clause. This way you can enable accounts with empty passwords, etc.
"to-session" attribute indicates under which name the value obtained from
database should be stored in the session. Of course new session is created
when authorization is successfull. The "type" attribute can be either
string, long or double and alters the type of object stored in session.
Additionally all parameters that are
propagated to the session are made available to the sitemap via {name}
expression.
If there is no need to touch the session object, providing just one-time
verification, you can specify action parameter "create-session" to "no" or
"false". No values are then propagated to the sesion and session object is
not verified.
author: Christian Zoffoli author: Martin Man since: 2002/02/03 version: $Id: DbXMLAuthenticatorAction.java 433543 2006-08-22 06:22:54Z crossley $ version: based on DatabaseAuthenticatorAction created by Martin Man
