tomcat-dev mailing list archives

From Costin Manolache <Costin.Manola...@eng.sun.com>
Subject Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/servlets AuthServlet.java
Date Sat, 08 Apr 2000 00:02:01 GMT
"Craig R. McClanahan" wrote:

> Costin Manolache wrote:
>
> > Just curious, what was not working in form-based login ?
> >
>
> So far, I know about the following items:
>
> * It doesn't go to the <form-error-page> page on invalid
>   username/password; it just goes back to the login page again.
>   The interactions between the players on this didn't make a
>   quick fix easy to identify.

That doesn't work for BASIC authentication either - and the
reason is that void errorPage() is not implemented :-)

The behavior is identical for BASIC and FORM - if the user doesn't
match we call errorPage() to handle that.

( in BASIC, if you click CANCEL in the login dialog you should
be redirected to the error page - which doesn't happen )


> * Once you successfully authenticate, getRemoteUser() is
>   set correctly but getUserPrincipal() is not.

Again - the code is identical for FORM and BASIC -
and it seems to work the same way ( same output and
user principal for both of them ).

> * Probably because of the previous issue, isUserInRole()
>   never returns true even though the user is registered in
>   the role via conf/tomcat-users.conf (I had to fix a parsing
>   issue to recognize a comma-delimited set of roles).

Same is true - there is no difference between FORM and BASIC
except the way they get the user and password.


> For BASIC authentication it all seems to work correctly.  I tried all the
> boundary conditions I could think of and they now work right, but I
> certainly could have missed something.

Except for the error page - that doesn't work in both cases - everything
seems to work identically.

Costin

