jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Setanta Mathews <smath...@ecceleration.ie>
Subject RE: FormAuthentication and Error Code 500
Date Thu, 18 Nov 2004 11:56:27 GMT
Hi,

Thanks for the reply.

I think the password is okay. If I change it to something else I get a 403
(forbidden) error response code:

java.lang.Exception: Received a status code [403] and was expecting a [302]

Now things get a little bit strange ... 

I think the HTTP sniffer I was using (HTTPLook) might have somehow been
interfering with HTTP traffic. After turning it off and running my test
again I got the following cactus error:

java.lang.Exception: Received a status code [500] and was expecting a [302]

And in my OC4J application.log you can see that the 500 Error was caused by
something I've seen in mailing list archives quite a bit:

javax.servlet.ServletException: Missing service name parameter
[Cactus_Service] in HTTP request. Received query string is [].

Now, if I change by begin method to expect a response code of 500 ...

public void beginA(WebRequest theRequest)
{
	theRequest.setRedirectorName("ServletRedirectorSecure");
	FormAuthentication fa = new FormAuthentication("0",
"qUqP5cyxm6YcTAhz05Hph5gvu9M=");
	fa.setExpectedAuthResponse(500);
	theRequest.setAuthentication(fa);
}


... guess what? The test runs fine. I'm still getting the application error
but I'm guessing that's because something in the web-app (I've only just
started working on it and I'm not too familiar with it just yet) tries to
process the original request to the ServletRedirectorSecure and there was no
Cactus_Service request parameter.

Out of curiosity I set the redirector name to the following in my begin
method:

theRequest.setRedirectorName("ServletRedirectorSecure?Cactus_Service=GET_VER
SION");

But I still get the 500 error.

Anyway, if a call to setExpectedAuthResponse(500) gets my tests running then
I'm happy for the time being.

Thanks,

Setanta.


-----Original Message-----
From: Kazuhito SUGURI [mailto:suguri.kazuhito@lab.ntt.co.jp] 
Sent: 18 November 2004 11:22
To: cactus-user@jakarta.apache.org
Subject: Re: FormAuthentication and Error Code 500

Hi Setanta,

In article <31D0DEEB9650D81182BA00105ADE8CB70DD6FB@EXCHANGE>,
Thu, 18 Nov 2004 11:03:53 -0000,
Setanta Mathews <smathews@ecceleration.ie> wrote: 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>
theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>             FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>             theRequest.setAuthentication(fa);
smathews> }

Is the password "qUqP5cyxm6YcTAhz05Hph5gvu9M=" base-64 encoded?
Your system may stores passwords with encrypted and base-64 encoded form,
however, you should give a password with plain text form to the system.
So, you should pass a plain password to the constructor, I guess.


smathews> The HTTP traffic is
smathews>  
smathews> 1 - Cactus Request
smathews>  
smathews> GET /ServletRedirectorSecure? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews>  
smathews> 2 - OC4J Response
smathews>  
smathews> HTTP/1.1 200 OK
smathews> Date: Thu, 18 Nov 2004 10:43:46 GMT
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Content-Location:
smathews> http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
smathews> Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
smathews> Connection: Close
smathews> Content-Type: text/html;charset=ISO-8859-1
smathews> Cache-Control: no-cache
smathews> Transfer-Encoding: chunked
smathews>  
smathews> 3 - Cactus Request
smathews>  
smathews> POST /j_security_check? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews> Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
smathews> Content-Length: 54
smathews>  
smathews> j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
smathews>  
smathews> 4 - OC4J Response
smathews>  
smathews> HTTP/1.1 100 Continue
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Date: Thu, 18 Nov 2004 10:43:47 GMT

The last response means that the authentication is not completed.
I'm not sure why your container responses with status 100, however,
this may make your case, i.e. "unable to find line starting with HTTP".

Regards,
----
Kazuhito SUGURI
mailto:suguri.kazuhito@lab.ntt.co.jp

---------------------------------------------------------------------
To unsubscribe, e-mail: cactus-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: cactus-user-help@jakarta.apache.org

Mime
View raw message