Posted to users@tomcat.apache.org by Cy...@nexans.com on 2005/03/21 16:02:18 UTC

How to trap errors while authenticating user: Custom Authentication mechanism?

Hello,

I'm trying to use a Novell LDAP server, and let it manage the Passwords
instead of my webapp. Unfortunately I've found that the JNDIRealm doesn't
tell me the reason of the failure when authenticating a user.

In this case I cannot know where to redirect in the Novell portal (Forgot
Password or Password Expired functions - depending on the LDAP exception
captured). Since I'm new to authentication in Tomcat, can you tell me what
is/are the best way to start implementing a Custom Realm that returns to the
application the trapped exception, in order to redirect to the correct
Novell Function?

Thanks in advance..

Cyril ZEKSER




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: How to trap errors while authenticating user: Custom Authentication mechanism?

Posted by Mark Thomas <ma...@apache.org>.
This is probably by design. This sort of information can be useful to an
attacker.

If you want to implement this yourself, possible starting points would be
overriding the relevant methods of org.apache.catalina.realm.JNDIRealm
or extending org.apache.catalina.realm.RealmBase.

HTH

Mark

Cyril.ZEKSER@nexans.com wrote:
> Hello,
> 
> I'm trying to use a Novell LDAP server, and let it manage the Passwords
> instead of my webapp. Unfortunately I've found that the JNDIRealm doesn't
> tell me the reason of the failure when authenticating a user.
> 
> In this case I cannot know where to redirect in the Novell portal (Forgot
> Password or Password Expired functions - depending on the LDAP exception
> captured). Since I'm new to authentication in Tomcat, can you tell me what
> is/are the best way to start implementing a Custom Realm that returns to the
> application the trapped exception, in order to redirect to the correct
> Novell Function?
> 
> Thanks in advance..
> 
> Cyril ZEKSER


Re: How to trap errors while authenticating user: Custom Authentication mechanism?

Posted by William Stranathan <sh...@gmail.com>.
Besides, giving to the USER a different authentication failure message
is a bad idea - hackers use that information to know which accounts to
try to hack.

On the other hand, though, custom handling of the error would be nice
- the LDAP servers I use disconnect silently without traffic for some
amount of time, but there's no way for me to trap that error - it just
appears as an authentication failure to the user, and they have to try
to authenticate again so Tomcat can establish a new connection.

w


On Mon, 21 Mar 2005 13:27:50 -0900, Erik Fiegel
<er...@dnr.state.ak.us> wrote:
> That seems like overkill.  Did you try turning up the debug level of
> your Realm?
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>        debug="99999"
>        connectionURL="ldap://localhost:389"
>        userBase="ou=people,dc=mycompany,dc=com"
>        userSearch="(mail={0})"
>        userRoleName="memberOf"
>        roleBase="ou=groups,dc=mycompany,dc=com"
>        roleName="cn"
>        roleSearch="(uniqueMember={0})"
> />
> 
> - Erik
> 
> Cyril.ZEKSER@nexans.com wrote:
> 
> >Hello,
> >
> >I'm trying to use a Novell LDAP server, and let it manage the Passwords
> >instead of my webapp. Unfortunately I've found that the JNDIRealm doesn't
> >tell me the reason of the failure when authenticating a user.
> >
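
An added example, not part of the original thread and not Tomcat code: a plain-JDK helper that a custom realm's catch block could call to tell a rejected bind from a dropped LDAP connection, log the real cause server-side, and still show every user the same message. The class name LdapFailureClassifier, its Reason enum, its methods and the message text are hypothetical.

```java
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;

// Hypothetical helper, not a Tomcat class: call it from a custom realm's catch block.
public class LdapFailureClassifier {
    // Internal categories; these go to the server log, never to the browser.
    public enum Reason { BAD_CREDENTIALS, DIRECTORY_UNREACHABLE, OTHER_DIRECTORY_ERROR }

    // The one message every failed login shows, whatever the cause.
    public static final String PUBLIC_MESSAGE = "Login failed.";
    private static final Logger LOG = Logger.getLogger("LdapFailureClassifier");

    public static Reason classify(NamingException e) {
        if (e instanceof AuthenticationException) {
            return Reason.BAD_CREDENTIALS;        // the directory rejected the bind
        }
        if (e instanceof CommunicationException || e instanceof ServiceUnavailableException) {
            return Reason.DIRECTORY_UNREACHABLE;  // e.g. a connection the server dropped
        }
        return Reason.OTHER_DIRECTORY_ERROR;
    }

    // A dropped connection is worth one reconnect-and-retry before failing the login.
    public static boolean shouldReconnect(Reason reason) {
        return reason == Reason.DIRECTORY_UNREACHABLE;
    }

    // Records the real cause server-side and returns the uniform public message.
    public static String handle(String username, NamingException e) {
        String safeUser = username.replaceAll("[\\r\\n]", "_");  // keep the log line intact
        LOG.warning("LDAP login failure user=" + safeUser + " reason=" + classify(e)
                + " detail=" + e.getMessage());
        return PUBLIC_MESSAGE;
    }

    public static void main(String[] args) {
        // Constructed sample exceptions, standing in for what JNDI would throw.
        NamingException[] samples = {
            new AuthenticationException("constructed sample: invalid credentials"),
            new CommunicationException("constructed sample: connection closed"),
            new NamingException("constructed sample: other error")
        };
        for (NamingException e : samples) {
            System.out.println(classify(e) + " retry=" + shouldReconnect(classify(e)) + " -> " + handle("alice", e));
        }
    }
}
```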



Re: How to trap errors while authenticating user: Custom Authentication mechanism?

Posted by Erik Fiegel <er...@dnr.state.ak.us>.
That seems like overkill.  Did you try turning up the debug level of 
your Realm?

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99999"
       connectionURL="ldap://localhost:389"
       userBase="ou=people,dc=mycompany,dc=com"
       userSearch="(mail={0})"
       userRoleName="memberOf"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
/>

- Erik



Cyril.ZEKSER@nexans.com wrote:

>Hello,
>
>I'm trying to use a Novell LDAP server, and let it manage the Passwords
>instead of my webapp. Unfortunately I've found that the JNDIRealm doesn't
>tell me the reason of the failure when authenticating a user.
>
>In this case I cannot know where to redirect in the Novell portal (Forgot
>Password or Password Expired functions - depending on the LDAP exception
>captured). Since I'm new to authentication in Tomcat, can you tell me what
>is/are the best way to start implementing a Custom Realm that returns to the
>application the trapped exception, in order to redirect to the correct
>Novell Function?
>
>Thanks in advance..
>
>Cyril ZEKSER