You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Lawence <al...@yahoo.com> on 2003/10/02 21:14:10 UTC
Form login page doesn't show up for custom authenticator?
Dear all,
I had a wierd problem working with my own authenticator. The form login
page did not appear at all but I got an error message stating
"Configuration error: Cannot perform access control without an authenticated
principal". By checking the log file, I understood how this error was
triggered but still could not solve it.
Since the login page did not appear, I had no chance to invoke
j_security_check (by clicking the submit button). Consequently the request url
did not end with the string "j_security_check". Somewhere in the
program, the following check thus failed.
// Is this the action request from the login page?
boolean loginAction =
requestURI.startsWith(contextPath) &&
requestURI.endsWith(Constants.FORM_ACTION);
// No -- Save this request and redirect to the form login page
if (!loginAction) {
session = getSession(request, true);
if (debug >= 1)
log("Save request in session '" + session.getId() +
"'");
saveRequest(request, session);
if (debug >= 1)
log("Redirect to login page '" + loginURI + "'");
hres.sendRedirect(hres.encodeRedirectURL(loginURI));
return (false);
}
So I was redirected to the login page (again it did not appear at all).
This time the following check succeeded:
// Is this a request for the login page itself? Test here to avoid
// displaying it twice (from the user's perspective) -- once
because
// of the "save and redirect" and once because of the "restore
and
// redirect" performed below.
String loginURI = contextPath + config.getLoginPage();
if (requestURI.equals(loginURI)) {
if (debug >= 1)
log("Requesting login page normally");
return (true); // Display the login page in the usual
manner
}
I think this code assumes I have been already authenticated. That's why
finally I got the error.
My questions are:
1. When should the login page appear? I think it should appear before
the call of the corresponding authenticator, am I right?
2. Is there some special configuration to bring up the login page for
user's custom authenticator?
Any suggestions or hints would be greatly appreciated.
---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search