jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Qingxian Wang <qingxian_w...@sunsystems.com>
Subject RE: Form Authentication
Date Mon, 16 Sep 2002 16:46:46 GMT
I have tried the 1.5dev.  I still cannot run the authenticate test.  The
username, password and the role are set in tomcat-user.xml.  My code is like
this:

public class CactusTest_WebDeployerActionServlet extends ServletTestCase {

    public CactusTest_WebDeployerActionServlet(String strName) {       
        super(strName);
    }
    
    /**
     * Start the tests.
     *
     * @param theArgs the arguments. Not used
     */
    public static void main(String[] theArgs)
    {
        junit.textui.TestRunner.main(new String[]{
            CactusTest_WebDeployerActionServlet.class.getName()});        
    }

    /**
     * @return a test suite (<code>TestSuite</code>) that includes all
methods
     *         starting with "test"
     */
    public static Test suite()
    {
        // All methods starting with "test" will be executed in the test
suite.
        return new TestSuite(CactusTest_WebDeployerActionServlet.class);
    }
    
    public void beginFormAuthentication(WebRequest theRequest)
    {
        theRequest.setRedirectorName("ServletRedirectorSecure");
        theRequest.setAuthentication(new FormAuthentication("sun",
"sunsys"));
    }

    public void testFormAuthentication()
    {
        assertEquals("sun", request.getUserPrincipal().getName());
        assertEquals("sun", request.getRemoteUser());
        assertTrue("User not in 'everyone' role",
request.isUserInRole("everyone"));
    }
    
}



The following are the error messages:

 1)
testFormAuthentication(com.systemsunion.framework.tools.web.deployer.servlet
.CactusTest_WebDeployerActionServlet)org.apache.cactus.util.ChainedRuntimeEx
ception: Failed to authenticate the principal
     at
org.apache.cactus.client.authentication.FormAuthentication.authenticate(Form
Authentication.java;org/apache/cactus/util/log/LogAspect.aj(1k):297)
     at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj(1k)
:146)
     at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13$ajcVoidWrapper(FormAuthentication.java;org/apache/cactus/util/log/L
ogAspect.aj(1k))
     at
org.apache.cactus.client.authentication.FormAuthentication.configure(FormAut
hentication.java;org/apache/cactus/util/log/LogAspect.aj(1k):1145)
     at
org.apache.cactus.client.HttpClientConnectionHelper.connect$ajcPostAround9(H
ttpClientConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj(1k):1
18)
     at
org.apache.cactus.client.HttpClientConnectionHelper.connect(HttpClientConnec
tionHelper.java;org/apache/cactus/util/log/LogAspect.aj(1k):1240)
     at
org.apache.cactus.client.AbstractHttpClient.callRunTest(AbstractHttpClient.j
ava;org/apache/cactus/util/log/LogAspect.aj(1k):184)
     at
org.apache.cactus.client.AbstractHttpClient.doTest$ajcPostAround7(AbstractHt
tpClient.java;org/apache/cactus/util/log/LogAspect.aj(1k):108)
     at
org.apache.cactus.client.AbstractHttpClient.doTest(AbstractHttpClient.java;o
rg/apache/cactus/util/log/LogAspect.aj(1k):1240)
     at
org.apache.cactus.AbstractWebTestCase.runWebTest(AbstractWebTestCase.java:30
8)
     at
org.apache.cactus.AbstractWebTestCase.runGenericTest(AbstractWebTestCase.jav
a:258)
     at org.apache.cactus.ServletTestCase.runTest(ServletTestCase.java:133)
     at
org.apache.cactus.AbstractTestCase.runBare(AbstractTestCase.java:223)
     at com.systemsunion.build.junitx.SSTestRunner.start(Unknown Source)
     at com.systemsunion.build.junitx.SSTestRunner.main(Unknown Source)
 org.apache.cactus.util.ChainedRuntimeException: Unable to login, probably
due to bad username/password. Received a [400] response code andwas
expecting a [302]
     at
org.apache.cactus.client.authentication.FormAuthentication.authenticate(Form
Authentication.java;org/apache/cactus/util/log/LogAspect.aj(1k):259)
     at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj(1k)
:146)
     at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13$ajcVoidWrapper(FormAuthentication.java;org/apache/cactus/util/log/L
ogAspect.aj(1k))
     at
org.apache.cactus.client.authentication.FormAuthentication.configure(FormAut
hentication.java;org/apache/cactus/util/log/LogAspect.aj(1k):1145)
     at
org.apache.cactus.client.HttpClientConnectionHelper.connect$ajcPostAround9(H
ttpClientConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj(1k):1
18)
     at
org.apache.cactus.client.HttpClientConnectionHelper.connect(HttpClientConnec
tionHelper.java;org/apache/cactus/util/log/LogAspect.aj(1k):1240)
     at
org.apache.cactus.client.AbstractHttpClient.callRunTest(AbstractHttpClient.j
ava;org/apache/cactus/util/log/LogAspect.aj(1k):184)
     at
org.apache.cactus.client.AbstractHttpClient.doTest$ajcPostAround7(AbstractHt
tpClient.java;org/apache/cactus/util/log/LogAspect.aj(1k):108)
     at
org.apache.cactus.client.AbstractHttpClient.doTest(AbstractHttpClient.java;o
rg/apache/cactus/util/log/LogAspect.aj(1k):1240)
     at
org.apache.cactus.AbstractWebTestCase.runWebTest(AbstractWebTestCase.java:30
8)
     at
org.apache.cactus.AbstractWebTestCase.runGenericTest(AbstractWebTestCase.jav
a:258)
     at org.apache.cactus.ServletTestCase.runTest(ServletTestCase.java:133)
     at
org.apache.cactus.AbstractTestCase.runBare(AbstractTestCase.java:223)
     at com.systemsunion.build.junitx.SSTestRunner.start(Unknown Source)
     at com.systemsunion.build.junitx.SSTestRunner.main(Unknown Source)
 

Qingxian

-----Original Message-----
From: Vincent Massol [mailto:vmassol@octo.com]
Sent: 16 September 2002 15:47
To: 'Cactus Users List'
Subject: RE: Form Authentication


Hi Qingxian,

Can you try with the latest Cactus version (1.5dev) from CVS. I have
committed Jason's code in CVS yesterday and I have added some more
debugging information that could help.

You can get the nightly distribution of yesterday here:

http://jakarta.apache.org/builds/jakarta-cactus/nightly/2002-09-16/

Thanks
-Vincent

> -----Original Message-----
> From: Qingxian Wang [mailto:qingxian_wang@sunsystems.com]
> Sent: 16 September 2002 11:24
> To: 'Cactus Users List'
> Subject: RE: Form Authentication
> 
> I have tried to use FormAuthentication class with the Cactus 1.4.1.  I
got
> the following error although I have set up the correct username and
> password:
> 
>  1)
>
testFormAuthentication(com.systemsunion.framework.tools.web.deployer.ser
vl
> et
> .CactusTest_WebDeployerActionServlet)java.lang.IllegalStateException:
> class
> java.lang.IllegalArgumentException: Unable to login, probably due to
bad
> username/password. [Bad Response Code]
>      at
>
org.apache.cactus.client.authentication.FormAuthentication.authenticate(
Fo
> rm
> Authentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:193)
>      at
>
org.apache.cactus.client.authentication.FormAuthentication.dispatch9_con
fi
> gu
>
re(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:4
7)
>      at
>
org.apache.cactus.client.authentication.FormAuthentication.around9_confi
gu
> re
>
(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:115
6)
>      at
>
org.apache.cactus.client.authentication.FormAuthentication.configure(For
mA
> ut
> hentication.java;org/apache/cactus/util/log/LogAspect.aj[1k]:43)
>      at
>
org.apache.cactus.client.HttpClientConnectionHelper.dispatch26_connect(H
tt
> pC
>
lientConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:1
16
> )
>      at
>
org.apache.cactus.client.HttpClientConnectionHelper.around26_connect(Htt
pC
> li
>
entConnectionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:123
6)
>      at
>
org.apache.cactus.client.HttpClientConnectionHelper.connect(HttpClientCo
nn
> ec
> tionHelper.java;org/apache/cactus/util/log/LogAspect.aj[1k]:106)
>      at
>
org.apache.cactus.client.AbstractHttpClient.callRunTest(AbstractHttpClie
nt
> .j
> ava;org/apache/cactus/util/log/LogAspect.aj[1k]:186)
>      at
>
org.apache.cactus.client.AbstractHttpClient.dispatch2_doTest(AbstractHtt
pC
> li
> ent.java;org/apache/cactus/util/log/LogAspect.aj[1k]:109)
>      at
>
org.apache.cactus.client.AbstractHttpClient.around2_doTest(AbstractHttpC
li
> en
> t.java;org/apache/cactus/util/log/LogAspect.aj[1k]:1236)
>      at
>
org.apache.cactus.client.AbstractHttpClient.doTest(AbstractHttpClient.ja
va
> ;o
> rg/apache/cactus/util/log/LogAspect.aj[1k]:104)
>      at
>
org.apache.cactus.AbstractWebTestCase.runGenericTest(AbstractWebTestCase
.j
> av
> a:260)
>      at
> org.apache.cactus.ServletTestCase.runTest(ServletTestCase.java:133)
>      at
> org.apache.cactus.AbstractTestCase.runBare(AbstractTestCase.java:195)
>      at com.systemsunion.build.junitx.SSTestRunner.start(Unknown
Source)
>      at com.systemsunion.build.junitx.SSTestRunner.main(Unknown
Source)
> 
> Any idear?
> 
> Qingxian
> 
> -----Original Message-----
> From: Qingxian Wang
> Sent: 16 September 2002 10:58
> To: 'Cactus Users List'
> Subject: RE: Form Authentication
> 
> 
> I have tried to use the FormAuthentication class with the
> CactusStrutsTestCase of the Struts test case framework.  My test case
has
> problem to find the user name and password.  I got an
> IllegalArgumentException thrown from the FormAuthentication class.  I
will
> try to use the Cactus directly, i.e. ServletTestCase class.
> 
> Qingxian
> 
> -----Original Message-----
> From: Vincent Massol [mailto:vmassol@octo.com]
> Sent: 15 September 2002 22:19
> To: 'Cactus Users List'
> Subject: RE: Form Authentication
> 
> 
> Thanks Jason! I've committed your code (modified slightly to add
missing
> javadoc, and the checkstyle violations ... :)).
> 
> I don't have any answer to your questions below. What we now need to
do
> is:
> 
> 1- write a test case for it
> 2- try it on several application servers
> 3- add web site documentation to explain how to use it
> 
> I guess 1 and 2 will give us the answers to your questions...
> 
> Thanks again
> -Vincent
> 
> > -----Original Message-----
> > From: Robertson, Jason [mailto:Jason.Robertson@acs-inc.com]
> > Sent: 12 September 2002 23:04
> > To: 'Cactus Users List'
> > Subject: RE: Form Authentication
> >
> > Ok, attached is a slightly updated file with some comments and such.
> >
> > The basic premise is:
> > 1. Is JSESSIONID non-null? If yes, stick it into a cookie and we're
> done.
> > 2. If it's null, authenticate.
> > 3. To authenticate, connect to ${ContextURL}/j_security_check with
the
> > username/password. This _should_ authenticate you.
> > 4. Cache the returned JSESSIONID.
> > 5. To verify we were authenticated, check a combination of the
> response
> > code
> > and maybe redirect location. See question below.
> >
> > A TestCase could create a new FormAuthentication object for each
test,
> or
> > could have a static one in the TestCase that will get initialized
once
> and
> > reused. The latter would provide quicker testcases at the expense of
> > keeping
> > state between test cases, which is a philosophical expense at best.
> The
> > cool
> > thing is in this case, though, that even if a single test case is
run
> in
> > the
> > middle of the sequence it will still work. It doesn't really rely on
> the
> > TestCase before it (the authentication will just happen when
needed),
> so
> > it
> > may not really violate any of the unit test philosophy.
> >
> > Only a couple questions:
> >
> > 1. Will all app servers send a 302 response with the location being
> the
> > ContextURL after a successful login? WebLogic does, and that's my
only
> > source right now. What about on an unsuccessful login? WebLogic
> returns a
> > 200 and the content is that of the login page, but I think it would
be
> > acceptable to return a 302 with a Location of the login page. I
think
> my
> > code will work with both, but testing will be the only proof.
> >
> > 2. Do I need the setSecurityCheck method? Or will
> > ${ContextURL}/j_security_check always work? It's really a safety
net,
> but
> > it
> > might be unnecessary.
> >
> > Jason
> >
> > -----Original Message-----
> > From: Erik Hatcher [mailto:lists@ehatchersolutions.com]
> > Sent: Thursday, September 12, 2002 9:17 AM
> > To: Cactus Users List
> > Subject: Re: Form Authentication
> >
> >
> > Wow, just in the nick of time too!  I haven't looked at your code,
but
> > this is exactly what we need as well.
> >
> > I look forward to the Cactus committers having a look at this to see
> if
> > it fits in and getting it committed!  :)
> >
> > Thanks Jason!
> >
> > 	Erik
> >
> > Robertson, Jason wrote:
> > > Here's a FormAuthentication implementation that doesn't need any
> rework
> > of
> > > the standard flow. The only modification needed to make this
compile
> is
> > to
> > > make the base class AbstractAuthentication's member variables
> 'theName'
> > and
> > > 'thePassword' protected instead of private.
> > >
> > > This is a first pass. It's short on comments, and has some
debugging
> > code
> > > temporarily commented out, but it works. At least for me, on
> WebLogic
> > 7.0.
> > > :)
> > >
> > > I'll comment it and express some minor concerns especially with
> regards
> > to
> > > various app servers in the coming days, but I thought I'd throw
this
> out
> > > now.
> > >
> > > I tried to include a sample ear that has a basic example, but the
> war's
> > lib
> > > directory is too big and it bounced. So I've included the project,
> just
> > > adjust the jar file properties in build.xml to make it all work.
> > >
> > > Jason
> > >
> > >
> > >
> > >
>
------------------------------------------------------------------------
> > >
> > > --
> > > To unsubscribe, e-mail:
> > <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> > <mailto:cactus-user-help@jakarta.apache.org>
> >
> >
> >
> > --
> > To unsubscribe, e-mail:
> > <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> > For additional commands, e-mail:
> > <mailto:cactus-user-help@jakarta.apache.org>
> 
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:cactus-user-help@jakarta.apache.org>
> 
> 
> This e-mail and any files transmitted with it are confidential and
> intended
> solely for the use of the individual or entity to whom it is
addressed. If
> you have received this e-mail in error you must not copy, distribute
or
> take
> any action in reliance on it. Please notify the sender by e-mail or
> telephone.
> We utilise an anti-virus system and therefore any files sent via
e-mail
> will
> have been checked for known viruses. You are however advised to run
your
> own
> virus check before opening any attachments received as we will not in
any
> event accept any liability whatsoever once an e-mail and/or any
attachment
> is received. Any views expressed by an individual within this e-mail
do
> not
> necessarily reflect the views of Systems Union Group plc or any of its
> subsidiary companies.
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:cactus-user-help@jakarta.apache.org>
> 
> 
> This e-mail and any files transmitted with it are confidential and
> intended
> solely for the use of the individual or entity to whom it is
addressed. If
> you have received this e-mail in error you must not copy, distribute
or
> take
> any action in reliance on it. Please notify the sender by e-mail or
> telephone.
> We utilise an anti-virus system and therefore any files sent via
e-mail
> will
> have been checked for known viruses. You are however advised to run
your
> own
> virus check before opening any attachments received as we will not in
any
> event accept any liability whatsoever once an e-mail and/or any
attachment
> is received. Any views expressed by an individual within this e-mail
do
> not
> necessarily reflect the views of Systems Union Group plc or any of its
> subsidiary companies.
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:cactus-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:cactus-user-
> help@jakarta.apache.org>



--
To unsubscribe, e-mail:
<mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:cactus-user-help@jakarta.apache.org>


This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom it is addressed. If
you have received this e-mail in error you must not copy, distribute or take
any action in reliance on it. Please notify the sender by e-mail or
telephone.
We utilise an anti-virus system and therefore any files sent via e-mail will
have been checked for known viruses. You are however advised to run your own
virus check before opening any attachments received as we will not in any
event accept any liability whatsoever once an e-mail and/or any attachment
is received. Any views expressed by an individual within this e-mail do not
necessarily reflect the views of Systems Union Group plc or any of its
subsidiary companies.


--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message