geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul McMahan (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2379) Security Realms portlet - form field validation using javascript
Date Fri, 08 Sep 2006 21:10:22 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2379?page=comments#action_12433498 ] 
            
Paul McMahan commented on GERONIMO-2379:
----------------------------------------

Comments on the patch:

General comment is that many of the prompts use the forms internal variable name instead of
the display name.  This is confusing, for example, when the display name is "Log File" but
the form variable name is "auditPath".

Your comment above says:
>  2. For Properties File and Certificate Properties File Realms, validates the usersURI
and groupsURI fields. Checks for empty strings.
Looks like this part was left out of the patch.  I can leave both entries blank and submit
to get a stack trace in the console.

The change to advanced.jsp does not work correctly because if the "Enable Auditing" checkbox
is not clicked then validateForm() will always return false, so the user cannot create a realm
unless auditing is enabled.  Also when Enable Lockout is selected the extra fields are checked
for being numerical but not for being empty.

The change to _sql.jsp doesn't work.  If I click the 'Next' button without specifying any
values I get a stack trace and an empty browser page.

In certain places I get a benign(?) javascript error popup window saying something like:
Error: 'userSelect' is undefined followed by a blank browser window.
For example when I creating a properties file realm.  You should be able to see this by selecting
"display a notification about every script error" in your browser settings.

In MasterLoginModuleInfo.java the "xxx.blankAllowed" property should be trimmed before comparison.

> Security Realms portlet - form field validation using javascript
> ----------------------------------------------------------------
>
>                 Key: GERONIMO-2379
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2379
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 1.1.1
>         Environment: WinXP, Sun JDK 1.4.2_08, G-1.1.1-rc1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.1.2, 1.1.x, 1.2
>
>         Attachments: GERONIMO-2379-removedtabs.patch, GERONIMO-2379.patch
>
>
> Security Realm portlet pages do not perform any field validations before submitting the
form.  Some of the fields can be validated using javascript.  Even though it is not complete
validation of every field, checks can be put in place for non empty strings, non numerical
values etc.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message