tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel L. Rall" <>
Subject Re: Realm.authenticate() failure
Date Fri, 18 Feb 2000 08:16:24 GMT
> I am currently trying to intergrate our existing Realm implementation
> with Craig's catalina.Realm interface but find that the authenticate
> methods only return null on failure. Currently I throw
> NoSuchUserException, InvalidPasswordException,
> InvalidCertificateException Exceptions's to provide some feedback to
> users as to why their logon failed amd also to Audit Log authentication
> failures.
> Perhaps Craig or someone would like to explain the thinking behind only
> returtning a null as opposed to throwing an Exception indicating the
> reason for failure.

I offer to this discussion Kernighan and Pike's view on exceptions:

  "Use Exceptions only for exceptional situations.
  Exceptions are often overused.  Because they distort the flow of 
  control, they can lead to convoluted constructions that are prone to 
  bugs.  It is hardly exceptional to fail to open a file; generating 
  an exception in this case strikes us as over-engineering.  Exceptions 
  are best reserved for truly unexpected events, such as file systems 
  filling up or floating-point errors."
  -- pg. 112, The Practice of Programming

I am not claiming that this is the right or best view, it just happens
to be the view of the author of the C language--a very good programmer. 
Though I do not operate soley under this advise while programming Java,
I do often return null for failure instead of throwing an exception. 
Reading this has made me think a little longer every time I reach a spot
where I might have otherwise just thrown an exception without a second
thought, and I think that my code is generally the better for it.

Daniel Rall (

View raw message