You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Cy...@nexans.com on 2005/03/22 14:06:27 UTC
Réf. : Re: How to trap errors while authenticatinguser : Custon Authentication mechanism ?
Hi,
I don't want to give to the user the error why his login fails, but I want
to open a popup calling the good service from my Novell server.
Beside of that, I'm developping an Intranet application, so hacking is not
our primary concern.
What can I do instead of unpacking calalina.jar and compiling it from
scratch... - including the mbean descriptor file ?
Regards
Cyril ZEKSER
--------------------------------------------------------------------------------
William
Stranathan Pour : Tomcat Users List <to...@jakarta.apache.org>
<shi1wei3@gmail. cc :
com> Objet : Re: How to trap errors while authenticating user : Custon Authentication
mechanism ?
22/03/2005 13:10
Veuillez
répondre à
"Tomcat Users
List"
Besides, giving to the USER a different authentication failure message
is a bad idea - hackers use that information to know which accounts to
try to hack.
On the other hand, though, custom handling of the error would be nice
- the LDAP servers I use disconnect silently without traffic for some
amount of time, but there's no way for me to trap that error - it just
appears as an authentication failure to the user, and they have to try
to authenticate again so Tomcat can establish a new connection.
w
On Mon, 21 Mar 2005 13:27:50 -0900, Erik Fiegel
<er...@dnr.state.ak.us> wrote:
> That seems like overkill. Did you try turning up the debug level of
> your Realm?
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> debug="99999"
> connectionURL="ldap://localhost:389"
> userBase="ou=people,dc=mycompany,dc=com"
> userSearch="(mail={0})"
> userRoleName="memberOf"
> roleBase="ou=groups,dc=mycompany,dc=com"
> roleName="cn"
> roleSearch="(uniqueMember={0})"
> />
>
> - Erik
>
> Cyril.ZEKSER@nexans.com wrote:
>
> >Hello,
> >
> >I'm trying to use a Novell LDAP server, and let it manage the Passwords
> >instead of my webapp. Unfortunately I've found that the JNDIRealm
doesn't
> >tell me the reason of the failure when authenticating a user.
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org