tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets AuthServlet.java
Date Fri, 07 Apr 2000 23:09:20 GMT
Costin Manolache wrote:

> Just curious, what was not working in form-based login ?
>

So far, I know about the following items:

* It doesn't go to the <form-error-page> page on invalid
  username/password; it just goes back to the login page again.
  The interactions between the players on this didn't make a
  quick fix easy to identify.

* Once you successfully authenticate, getRemoteUser() is
  set correctly but getUserPrincipal() is not.

* Probably because of the previous issue, isUserInRole()
  never returns true even though the user is registered in
  the role via conf/tomcat-users.conf (I had to fix a parsing
  issue to recognize a comma-delimited set of roles).

For BASIC authentication it all seems to work correctly.  I tried all the
boundary conditions I could think of and they now work right, but I
certainly could have missed something.

>
> Costin
>

Craig



Mime
View raw message