cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carsten Ziegeler" <cziege...@s-und-n.de>
Subject RE: SunRise: AuthAction.java bug?
Date Thu, 08 Aug 2002 13:35:12 GMT
I looked at the code and it seems that if the handler parameter is
misconfigured an exception should be thrown:

The AuthAction calls:

            if (sunRise.checkAuthentication(redirector, !initialized) ==
false) {

And in the checkAuthentication() method, the following code should
throw an exception then:
>>>
        if (this.handlerName == null) this.handlerName = "";
        if (this.applicationName == null) this.applicationName = "";
        if (this.handlerName.equals(newHandlerName) == false
            || this.applicationName.equals(newAppName) == false) {
            this.handlerName = newHandlerName;
            this.applicationName = newAppName;
            this.handler = null;
            this.application = null;

            if (this.handlerName != null) {
                if ( null != this.userHandlers) {
                    this.handler =
(Handler)this.userHandlers.get(this.handlerName);
                } else {
                    this.handler =
(Handler)this.configuredHandlers.get(this.handlerName);
                }

                if (this.handler == null) {
                    throw new ProcessingException("Handler not found: " +
this.handlerName);
                }

<<<<<

Or is here a bug?

Carsten

> -----Original Message-----
> From: Per Kreipke [mailto:per@onclave.com]
> Sent: Thursday, August 08, 2002 12:56 AM
> To: cocoon-dev@xml.apache.org
> Subject: SunRise: AuthAction.java bug?
>
>
> In 2.0.3, the default value returned from AuthAction:act() calling
> SunRise.java:checkAuthentication() is true even if there is no handler
> parameter defined.
>
> That seems wrong to me: if misconfigured with no 'handler'
> parameter, there
> should either be an error message or complete failure. The user certainly
> shouldn't be authorized.
>
> Per
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
> For additional commands, email: cocoon-dev-help@xml.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: cocoon-dev-unsubscribe@xml.apache.org
For additional commands, email: cocoon-dev-help@xml.apache.org


Mime
View raw message