You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Lawence <al...@yahoo.com> on 2003/10/02 21:14:10 UTC

Form login page doesn't show up for custom authenticator?

Dear all,
 
I had a wierd problem working with my own authenticator. The form login 
page did not appear at all but I got an error message stating 
"Configuration error: Cannot perform access control without an authenticated 
principal". By checking the log file, I understood how this error was 
triggered but still could not solve it.
 
Since the login page did not appear, I had no chance to invoke 
j_security_check (by clicking the submit button). Consequently the request url 
did not end with the string "j_security_check". Somewhere in the 
program, the following check thus failed.
 
 
// Is this the action request from the login page?
        boolean loginAction =
            requestURI.startsWith(contextPath) &&
            requestURI.endsWith(Constants.FORM_ACTION);
       
        // No -- Save this request and redirect to the form login page
        if (!loginAction) {
            session = getSession(request, true);
            if (debug >= 1)
                log("Save request in session '" + session.getId() + 
"'");
            saveRequest(request, session);
            if (debug >= 1)
                log("Redirect to login page '" + loginURI + "'");
            hres.sendRedirect(hres.encodeRedirectURL(loginURI));
            return (false);
        }
 
So I was redirected to the login page (again it did not appear at all). 
This time the following check succeeded:
 
// Is this a request for the login page itself?  Test here to avoid
        // displaying it twice (from the user's perspective) -- once 
because
        // of the "save and redirect" and once because of the "restore 
and
        // redirect" performed below.
        String loginURI = contextPath + config.getLoginPage();
        if (requestURI.equals(loginURI)) {
            if (debug >= 1)
                log("Requesting login page normally");
            return (true);      // Display the login page in the usual 
manner
        }
 
I think this code assumes I have been already authenticated. That's why 
finally I got the error.
 
My questions are:
1. When should the login page appear? I think it should appear before 
the call of the corresponding authenticator, am I right?
 
2. Is there some special configuration to bring up the login page for 
user's custom authenticator?
 
Any suggestions or hints would be greatly appreciated.
 
 
 



---------------------------------
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search