geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2379) Security Realms portlet - form field validation using javascript
Date Sat, 09 Sep 2006 03:30:23 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2379?page=comments#action_12433547 ] 
            
Vamsavardhana Reddy commented on GERONIMO-2379:
-----------------------------------------------

Please note that this JIRA has a dependency on "GERONIMO-2378  Problems in JavaScript validation
cod...".  Some of the errors observed here will be removed once GERONIMO-2378.patch is applied.

Comment:
General comment is that many of the prompts use the forms internal variable name instead of
the display name. This is confusing, for example, when the display name is "Log File" but
the form variable name is "auditPath".

Response:
To account for this, either the form internal fields need to be changed to match those used
in the display.  Or pages should introduce a mapping from form internal variable name to the
display name.  The scope for confusion is less since focus is set to the field that was just
invalidated.

Comment:
> 2. For Properties File and Certificate Properties File Realms, validates the usersURI
and groupsURI fields. Checks for empty strings.
Looks like this part was left out of the patch. I can leave both entries blank and submit
to get a stack trace in the console.

Response:
I have observed the errors you have encountered post the the patch.  This happens because
of page cashing.  In order to get past that, please use Shift+reload after page load in the
browser you use regularly.  Or use a browser that you have never used to access Geronimo console.
 I do not know if this is a problem due to cache should be addressed in the scope of this
JIRA.

Comment:
The change to advanced.jsp does not work correctly because if the "Enable Auditing" checkbox
is not clicked then validateForm() will always return false, so the user cannot create a realm
unless auditing is enabled.

Response:
I have missed this while testing my patch.  Will revise the patch to account for this.

Comment:
 Also when Enable Lockout is selected the extra fields are checked for being numerical but
not for being empty.

Response:
The fix for this is in "GERONIMO-2378  Problems in JavaScript validation cod...".  That's
why I marked the current JIRA as "is blocked by" GERONIMO-2378.

Comment:
The change to _sql.jsp doesn't work. If I click the 'Next' button without specifying any values
I get a stack trace and an empty browser page.

Response:
Empty browser page is due to an error jacc specs code.  See GERONIMO-2376.

Comment:
In certain places I get a benign javascript error popup window saying something like:
Error: 'userSelect' is undefined followed by a blank browser window.

Response:
The fix for this is in "GERONIMO-2378  Problems in JavaScript validation cod...".  That's
why I marked the current JIRA as "is blocked by" GERONIMO-2378.

Comment:
In MasterLoginModuleInfo.java the "xxx.blankAllowed" property should be trimmed before comparison.

Response:
Will revise the patch to account for this.

> Security Realms portlet - form field validation using javascript
> ----------------------------------------------------------------
>
>                 Key: GERONIMO-2379
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2379
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 1.1.1
>         Environment: WinXP, Sun JDK 1.4.2_08, G-1.1.1-rc1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.1.2, 1.1.x, 1.2
>
>         Attachments: GERONIMO-2379-removedtabs.patch, GERONIMO-2379.patch
>
>
> Security Realm portlet pages do not perform any field validations before submitting the
form.  Some of the fields can be validated using javascript.  Even though it is not complete
validation of every field, checks can be put in place for non empty strings, non numerical
values etc.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message