tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel L. Rall" <...@finemaltcoding.com>
Subject Re: Realm.authenticate() failure
Date Fri, 18 Feb 2000 08:46:56 GMT
> > > I am currently trying to intergrate our existing Realm implementation
> > > with Craig's catalina.Realm interface but find that the authenticate
> > > methods only return null on failure. Currently I throw
> > > NoSuchUserException, InvalidPasswordException,
> > > InvalidCertificateException Exceptions's to provide some feedback to
> > > users as to why their logon failed amd also to Audit Log authentication
> > > failures.
> > >
> > > Perhaps Craig or someone would like to explain the thinking behind only
> > > returtning a null as opposed to throwing an Exception indicating the
> > > reason for failure.
> >
> > I offer to this discussion Kernighan and Pike's view on exceptions:
> >
> >   "Use Exceptions only for exceptional situations.
> >   ...
> >   Exceptions are often overused.  Because they distort the flow of
> >   control, they can lead to convoluted constructions that are prone to
> >   bugs.  It is hardly exceptional to fail to open a file; generating
> >   an exception in this case strikes us as over-engineering.  Exceptions
> >   are best reserved for truly unexpected events, such as file systems
> >   filling up or floating-point errors."
> >   -- pg. 112, The Practice of Programming
> >
> > I am not claiming that this is the right or best view, it just happens
> > to be the view of the author of the C language--a very good programmer.
> > :)
> > Though I do not operate soley under this advise while programming Java,
> > I do often return null for failure instead of throwing an exception.
> > Reading this has made me think a little longer every time I reach a spot
> > where I might have otherwise just thrown an exception without a second
> > thought, and I think that my code is generally the better for it.

> Yes I agree with the assertion "Use Exceptions only for exceptional
> situations" but it does not help with the real world problem of
> providing contextual feedback to the user, anyone who has worked in
> support will tell you that the more contextual information we can
> provide users the better. Is it normal program flow to receive an
> invalid username / password/cert ?. I think it could be argued that
> these are "exceptional situations". I don't want to argue symantics but
> provide an answer to the problem.

I disagree with your statement that an invalid username/password/cert is
an exceptional situation.  In real life, it happens all the time.  I
myself mistype one piece of a two or three part key (i.e. a
username/password combo) at *least* once a day.  Is the failure of my
fingers exceptional?  I don't think so.  Even in server configuration,
misconfiguration is not exceptional--especially during an initial
setup.  Authentication failures happen all the time.  I quite agree with
your statement about providing as much specific feedback to the user as
possible, and perhaps an exception in this case would be an easy
solution for determining the source of the failure.  However, as I
understand the situation the purpose of the method in question is to
validate a 3 part key.  This key is either valid, or not.  No single
part of the key can be valid without all parts corresponding to a
specific record.  In other words, you can't be *almost* right.  But
perhaps security like this is unnecessarily tight.  I guess it depends
on the context in which you are using it.  Well, that's my thoughts for
the night (hell, probably for the whole week).    ;)

Mime
View raw message