You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cactus-user@jakarta.apache.org by Eric Barendt <er...@danube.com> on 2008/04/30 00:28:56 UTC
FormAuthentication problem
I'm working on switching our application from Basic to Form authentication.
I had Cactus working fine with:
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new BasicAuthentication("user", "password");
I changed our web.xml from BASIC to FORM, switched the application, and that
all works fine. Cactus, however, fails when I change the above to:
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new FormAuthentication("user", "password");
which should work according to
http://jakarta.apache.org/cactus/writing/howto_security.html
With BasicAuthentication, everything works fine and I get this in my access
log:
127.0.0.1 - user [29/Apr/2008:14:32:48 -0500] "GET
/application/ServletRedirectorSecure?Cactus_TestMethod=testMethod&Cactus_TestClass=com.company.TestClass&Cactus_AutomaticSession=true&Cactus_Service=CALL_TEST
HTTP/1.1" 200 -
127.0.0.1 - user [29/Apr/2008:14:32:48 -0500] "GET
/application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS HTTP/1.1"
200 23
With FormAuthentication, I get "Missing service name parameter
[Cactus_Service] in HTTP request." and "Error getting test result. This
could happen for example if you're using a load-balancer." This is what I
see in my access log:
127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure HTTP/1.1" 200 2357
127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "POST
/application/j_security_check HTTP/1.1" 302 -
127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure HTTP/1.1" 500 2527
127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS HTTP/1.1"
500 2556
It seems to be losing the http parameters when I use form auth. Did
something change between the time the docs were written and now? Is there a
better FormAuthentication example?
Has anybody gotten FormAuthentication to work?
Thanks,
Eric
Re: FormAuthentication problem
Posted by Kazuhito SUGURI <su...@lab.ntt.co.jp>.
Hi,
Sorry for my late response.
In article <26...@mail.gmail.com>,
Wed, 30 Apr 2008 09:24:42 -0700,
"Eric Barendt" <er...@danube.com> wrote:
eric> We are using JBoss 4.2.1 with whatever version of Tomcat it comes with. I
eric> just applied your patch to the 1.8.0 code, and it works great!
Thank you for the feedback.
eric> Is this a bug in Cactus? I couldn't find anything in the project's Jira
eric> page, but it'd be great to get this integrated.
I think, it is a fault in Cactus: "not implemented yet".
AFAIK, the client-server protocol for the form-based authentication
have not been specified in detail, so, many possible implementations exist.
It seems that Tomcat changed the implementation
in a way Cactus mishandles the protocol with Tomcat.
I think the new protocol of Tomcat is a possible one,
and issue is in Cactus side.
----
Kazuhito SUGURI
Re: FormAuthentication problem
Posted by Petar Tahchiev <pa...@gmail.com>.
Hi guys,
I have added Kazuhito's changes in the svn. Sorry I have missed them - I
have
been really swamped lately.
Eric, maybe you can tell more on how you use Cactus on the "Who uses Cactus"
wiki.
:-)
Cheers, Petar.
2008/4/30 Eric Barendt <er...@danube.com>:
> We are using JBoss 4.2.1 with whatever version of Tomcat it comes with. I
> just applied your patch to the 1.8.0 code, and it works great!
>
> Is this a bug in Cactus? I couldn't find anything in the project's Jira
> page, but it'd be great to get this integrated.
>
> Thanks!
> Eric
>
> On Tue, Apr 29, 2008 at 11:30 PM, Kazuhito SUGURI <
> suguri.kazuhito@lab.ntt.co.jp> wrote:
>
> > Hi Eric,
> >
> > In article <266b3cb30804291528s13dafae0y16425435e3dd1a1c@mail.gmail.com
> >,
> > Tue, 29 Apr 2008 15:28:56 -0700,
> > "Eric Barendt" <er...@danube.com> wrote:
> > eric> I'm working on switching our application from Basic to Form
> > authentication.
> > [snip]
> > eric> With FormAuthentication, I get "Missing service name parameter
> > eric> [Cactus_Service] in HTTP request." and "Error getting test result.
> > This
> > eric> could happen for example if you're using a load-balancer." This
> is
> > what I
> > eric> see in my access log:
> > eric>
> > eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "GET
> > eric> /application/ServletRedirectorSecure HTTP/1.1" 200 2357
> > eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "POST
> > eric> /application/j_security_check HTTP/1.1" 302 -
> > eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
> > eric> /application/ServletRedirectorSecure HTTP/1.1" 500 2527
> > eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
> > eric> /application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS
> > HTTP/1.1"
> > eric> 500 2556
> >
> > What is your servlet container?
> >
> > If you are using Tomcat later than 5.5.20,
> > my post to tomcat-users ML might helps you:
> > http://marc.info/?l=tomcat-user&m=119098089904045&w=2
> >
> > If it works for you, please let me know.
> > ----
> > Kazuhito SUGURI
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: cactus-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: cactus-user-help@jakarta.apache.org
> >
> >
>
>
> --
> Eric Barendt
> Danube Technologies, Inc.
>
--
Regards, Petar!
Karlovo, Bulgaria.
EOOXML Objections
http://www.grokdoc.net/index.php/EOOXML_objections
Public PGP Key at:
https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x19658550C3110611
Key Fingerprint: A369 A7EE 61BC 93A3 CDFF 55A5 1965 8550 C311 0611
Re: FormAuthentication problem
Posted by Eric Barendt <er...@danube.com>.
We are using JBoss 4.2.1 with whatever version of Tomcat it comes with. I
just applied your patch to the 1.8.0 code, and it works great!
Is this a bug in Cactus? I couldn't find anything in the project's Jira
page, but it'd be great to get this integrated.
Thanks!
Eric
On Tue, Apr 29, 2008 at 11:30 PM, Kazuhito SUGURI <
suguri.kazuhito@lab.ntt.co.jp> wrote:
> Hi Eric,
>
> In article <26...@mail.gmail.com>,
> Tue, 29 Apr 2008 15:28:56 -0700,
> "Eric Barendt" <er...@danube.com> wrote:
> eric> I'm working on switching our application from Basic to Form
> authentication.
> [snip]
> eric> With FormAuthentication, I get "Missing service name parameter
> eric> [Cactus_Service] in HTTP request." and "Error getting test result.
> This
> eric> could happen for example if you're using a load-balancer." This is
> what I
> eric> see in my access log:
> eric>
> eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "GET
> eric> /application/ServletRedirectorSecure HTTP/1.1" 200 2357
> eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "POST
> eric> /application/j_security_check HTTP/1.1" 302 -
> eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
> eric> /application/ServletRedirectorSecure HTTP/1.1" 500 2527
> eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
> eric> /application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS
> HTTP/1.1"
> eric> 500 2556
>
> What is your servlet container?
>
> If you are using Tomcat later than 5.5.20,
> my post to tomcat-users ML might helps you:
> http://marc.info/?l=tomcat-user&m=119098089904045&w=2
>
> If it works for you, please let me know.
> ----
> Kazuhito SUGURI
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cactus-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: cactus-user-help@jakarta.apache.org
>
>
--
Eric Barendt
Danube Technologies, Inc.
Re: FormAuthentication problem
Posted by Kazuhito SUGURI <su...@lab.ntt.co.jp>.
Hi Eric,
In article <26...@mail.gmail.com>,
Tue, 29 Apr 2008 15:28:56 -0700,
"Eric Barendt" <er...@danube.com> wrote:
eric> I'm working on switching our application from Basic to Form authentication.
[snip]
eric> With FormAuthentication, I get "Missing service name parameter
eric> [Cactus_Service] in HTTP request." and "Error getting test result. This
eric> could happen for example if you're using a load-balancer." This is what I
eric> see in my access log:
eric>
eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "GET
eric> /application/ServletRedirectorSecure HTTP/1.1" 200 2357
eric> 127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "POST
eric> /application/j_security_check HTTP/1.1" 302 -
eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
eric> /application/ServletRedirectorSecure HTTP/1.1" 500 2527
eric> 127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
eric> /application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS HTTP/1.1"
eric> 500 2556
What is your servlet container?
If you are using Tomcat later than 5.5.20,
my post to tomcat-users ML might helps you:
http://marc.info/?l=tomcat-user&m=119098089904045&w=2
If it works for you, please let me know.
----
Kazuhito SUGURI