You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2008/04/23 18:19:32 UTC
Re: FooRealm not returning [any] error codes/exceptions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Richard,
Gundersen, Richard wrote:
| I'm using the standard JNDIRealm class to authenticate users. However if
| the login is unsuccessful, I am unable report the *reason* for the
| failure.
Yup. That's just how the realms are written. The code catches all
checked exceptions and merely logs them, and returns null (which means
"not authenticated").
Check your catalina.out or other log files for the reason.
| I was thinking of writing my own Realm class which did the same, but
| threw the exception if one occurred. Unfortunately this would break the
| contract with the RealmBase class I think (abstract methods).
You can't change that without re-writing a bunch of Tomcat code. What
you can do is to log the problem somewhere specific.
| From reading the Servlet spec, it suggests that the failure information
| *should* be available:
|
| "The error page sent to a user that is not authenticated
| contains information about the failure."
|
| Does anyone have any advice / solved this problem before? Appreciate any
| feedback
The information that Tomcat has chosen to provide is limited to the lack
of successful authentication.
One solution is to use securityfilter
(http://securityfilter.sourceforge.net/). You can use Tomcat-provided
realms or write your own (which I recommend, given your requirements).
Get the latest source code and look at the FlexibleRealmInterface, which
has a method for authentication that includes a reference to the
request, so you can shove error messages into that and stuff like that.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkgPYZQACgkQ9CaO5/Lv0PDdfACgnPmbJOmsM7Ve0CatQgsRvtkn
jQQAnjMogAAWdD+29gE7HAr5f976ZKXd
=7qgR
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org