tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Blakeley <>
Subject Re: Realm.authenticate() failure
Date Fri, 18 Feb 2000 08:28:44 GMT
Yes I agree with the assertion "Use Exceptions only for exceptional
situations" but it does not help with the real world problem of
providing contextual feedback to the user, anyone who has worked in
support will tell you that the more contextual information we can
provide users the better. Is it normal program flow to receive an
invalid username / password/cert ?. I think it could be argued that
these are "exceptional situations". I don't want to argue symantics but
provide an answer to the problem.

cheers pb..

"Daniel L. Rall" wrote:
> > I am currently trying to intergrate our existing Realm implementation
> > with Craig's catalina.Realm interface but find that the authenticate
> > methods only return null on failure. Currently I throw
> > NoSuchUserException, InvalidPasswordException,
> > InvalidCertificateException Exceptions's to provide some feedback to
> > users as to why their logon failed amd also to Audit Log authentication
> > failures.
> >
> > Perhaps Craig or someone would like to explain the thinking behind only
> > returtning a null as opposed to throwing an Exception indicating the
> > reason for failure.
> I offer to this discussion Kernighan and Pike's view on exceptions:
>   "Use Exceptions only for exceptional situations.
>   ...
>   Exceptions are often overused.  Because they distort the flow of
>   control, they can lead to convoluted constructions that are prone to
>   bugs.  It is hardly exceptional to fail to open a file; generating
>   an exception in this case strikes us as over-engineering.  Exceptions
>   are best reserved for truly unexpected events, such as file systems
>   filling up or floating-point errors."
>   -- pg. 112, The Practice of Programming
> I am not claiming that this is the right or best view, it just happens
> to be the view of the author of the C language--a very good programmer.
> :)
> Though I do not operate soley under this advise while programming Java,
> I do often return null for failure instead of throwing an exception.
> Reading this has made me think a little longer every time I reach a spot
> where I might have otherwise just thrown an exception without a second
> thought, and I think that my code is generally the better for it.
> --
> Daniel Rall (
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


Peter Blakeley 
Head of Software Development Coolcat Software Pty. Ltd.
Director Clearwater WebTech Pty. Ltd.

A financial instrument is a device used by a Banker to pick your pocket.
It is said an art degree is a licence to know it all, I am lucky I need
no art degree.

View raw message