jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qingxian Wang <qingxian_w...@sunsystems.com>
Subject RE: Form Authentication
Date Mon, 16 Sep 2002 10:23:44 GMT
I have tried to use FormAuthentication class with the Cactus 1.4.1.  I got
the following error although I have set up the correct username and
password:

 1)
testFormAuthentication(com.systemsunion.framework.tools.web.deployer.servlet
.CactusTest_WebDeployerActionServlet)java.lang.IllegalStateException: class
java.lang.IllegalArgumentException: Unable to login, probably due to bad
username/password. [Bad Response Code]
     at
org.apache.cactus.client.authentication.FormAuthentication.authenticate(Form
Authentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:193)
     at
org.apache.cactus.client.authentication.FormAuthentication.dispatch9_configu
re(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:47)
     at
org.apache.cactus.client.authentication.FormAuthentication.around9_configure
(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:1156)
     at
org.apache.cactus.client.authentication.FormAuthentication.configure(FormAut
hentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:43)
     at
org.apache.cactus.client.HttpClientConnectionHelper.dispatch26_connect(HttpC
lientConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:116)
     at
org.apache.cactus.client.HttpClientConnectionHelper.around26_connect(HttpCli
entConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:1236)
     at
org.apache.cactus.client.HttpClientConnectionHelper.connect(HttpClientConnec
tionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:106)
     at
org.apache.cactus.client.AbstractHttpClient.callRunTest(AbstractHttpClient.j
ava;org/apache/cactus/util/log/LogAspect.aj[1k]:186)
     at
org.apache.cactus.client.AbstractHttpClient.dispatch2_doTest(AbstractHttpCli
ent.java;org/apache/cactus/util/log/LogAspect.aj[1k]:109)
     at
org.apache.cactus.client.AbstractHttpClient.around2_doTest(AbstractHttpClien
t.java;org/apache/cactus/util/log/LogAspect.aj[1k]:1236)
     at
org.apache.cactus.client.AbstractHttpClient.doTest(AbstractHttpClient.java;o
rg/apache/cactus/util/log/LogAspect.aj[1k]:104)
     at
org.apache.cactus.AbstractWebTestCase.runGenericTest(AbstractWebTestCase.jav
a:260)
     at org.apache.cactus.ServletTestCase.runTest(ServletTestCase.java:133)
     at
org.apache.cactus.AbstractTestCase.runBare(AbstractTestCase.java:195)
     at com.systemsunion.build.junitx.SSTestRunner.start(Unknown Source)
     at com.systemsunion.build.junitx.SSTestRunner.main(Unknown Source)

Any idear?

Qingxian

-----Original Message-----
From: Qingxian Wang 
Sent: 16 September 2002 10:58
To: 'Cactus Users List'
Subject: RE: Form Authentication


I have tried to use the FormAuthentication class with the
CactusStrutsTestCase of the Struts test case framework.  My test case has
problem to find the user name and password.  I got an
IllegalArgumentException thrown from the FormAuthentication class.  I will
try to use the Cactus directly, i.e. ServletTestCase class. 

Qingxian

-----Original Message-----
From: Vincent Massol [mailto:vmassol@octo.com]
Sent: 15 September 2002 22:19
To: 'Cactus Users List'
Subject: RE: Form Authentication


Thanks Jason! I've committed your code (modified slightly to add missing
javadoc, and the checkstyle violations ... :)).

I don't have any answer to your questions below. What we now need to do
is:

1- write a test case for it
2- try it on several application servers
3- add web site documentation to explain how to use it

I guess 1 and 2 will give us the answers to your questions...

Thanks again
-Vincent

> -----Original Message-----
> From: Robertson, Jason [mailto:Jason.Robertson@acs-inc.com]
> Sent: 12 September 2002 23:04
> To: 'Cactus Users List'
> Subject: RE: Form Authentication
> 
> Ok, attached is a slightly updated file with some comments and such.
> 
> The basic premise is:
> 1. Is JSESSIONID non-null? If yes, stick it into a cookie and we're
done.
> 2. If it's null, authenticate.
> 3. To authenticate, connect to ${ContextURL}/j_security_check with the
> username/password. This _should_ authenticate you.
> 4. Cache the returned JSESSIONID.
> 5. To verify we were authenticated, check a combination of the
response
> code
> and maybe redirect location. See question below.
> 
> A TestCase could create a new FormAuthentication object for each test,
or
> could have a static one in the TestCase that will get initialized once
and
> reused. The latter would provide quicker testcases at the expense of
> keeping
> state between test cases, which is a philosophical expense at best.
The
> cool
> thing is in this case, though, that even if a single test case is run
in
> the
> middle of the sequence it will still work. It doesn't really rely on
the
> TestCase before it (the authentication will just happen when needed),
so
> it
> may not really violate any of the unit test philosophy.
> 
> Only a couple questions:
> 
> 1. Will all app servers send a 302 response with the location being
the
> ContextURL after a successful login? WebLogic does, and that's my only
> source right now. What about on an unsuccessful login? WebLogic
returns a
> 200 and the content is that of the login page, but I think it would be
> acceptable to return a 302 with a Location of the login page. I think
my
> code will work with both, but testing will be the only proof.
> 
> 2. Do I need the setSecurityCheck method? Or will
> ${ContextURL}/j_security_check always work? It's really a safety net,
but
> it
> might be unnecessary.
> 
> Jason
> 
> -----Original Message-----
> From: Erik Hatcher [mailto:lists@ehatchersolutions.com]
> Sent: Thursday, September 12, 2002 9:17 AM
> To: Cactus Users List
> Subject: Re: Form Authentication
> 
> 
> Wow, just in the nick of time too!  I haven't looked at your code, but
> this is exactly what we need as well.
> 
> I look forward to the Cactus committers having a look at this to see
if
> it fits in and getting it committed!  :)
> 
> Thanks Jason!
> 
> 	Erik
> 
> Robertson, Jason wrote:
> > Here's a FormAuthentication implementation that doesn't need any
rework
> of
> > the standard flow. The only modification needed to make this compile
is
> to
> > make the base class AbstractAuthentication's member variables
'theName'
> and
> > 'thePassword' protected instead of private.
> >
> > This is a first pass. It's short on comments, and has some debugging
> code
> > temporarily commented out, but it works. At least for me, on
WebLogic
> 7.0.
> > :)
> >
> > I'll comment it and express some minor concerns especially with
regards
> to
> > various app servers in the coming days, but I thought I'd throw this
out
> > now.
> >
> > I tried to include a sample ear that has a basic example, but the
war's
> lib
> > directory is too big and it bounced. So I've included the project,
just
> > adjust the jar file properties in build.xml to make it all work.
> >
> > Jason
> >
> >
> >
> >
------------------------------------------------------------------------
> >
> > --
> > To unsubscribe, e-mail:
> <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> <mailto:cactus-user-help@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:cactus-user-help@jakarta.apache.org>



--
To unsubscribe, e-mail:
<mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:cactus-user-help@jakarta.apache.org>


This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom it is addressed. If
you have received this e-mail in error you must not copy, distribute or take
any action in reliance on it. Please notify the sender by e-mail or
telephone.
We utilise an anti-virus system and therefore any files sent via e-mail will
have been checked for known viruses. You are however advised to run your own
virus check before opening any attachments received as we will not in any
event accept any liability whatsoever once an e-mail and/or any attachment
is received. Any views expressed by an individual within this e-mail do not
necessarily reflect the views of Systems Union Group plc or any of its
subsidiary companies.


--
To unsubscribe, e-mail:
<mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:cactus-user-help@jakarta.apache.org>


This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom it is addressed. If
you have received this e-mail in error you must not copy, distribute or take
any action in reliance on it. Please notify the sender by e-mail or
telephone.
We utilise an anti-virus system and therefore any files sent via e-mail will
have been checked for known viruses. You are however advised to run your own
virus check before opening any attachments received as we will not in any
event accept any liability whatsoever once an e-mail and/or any attachment
is received. Any views expressed by an individual within this e-mail do not
necessarily reflect the views of Systems Union Group plc or any of its
subsidiary companies.


--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message