You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cactus-user@jakarta.apache.org by Phillips Nathan <np...@pointserve.com> on 2002/02/01 22:50:14 UTC

New Authentication feature doesn't appear to work correctly.

I've been able to get the Basic Security authentication feature in the
Cactus example to work with my Security Realm.  However, I've not been able
to actually apply it to my own secured servlets.  Only the
ServletTestRedirector.  I've ran into two major problems which appear to be
with Cactus.

1) I am unable to get the example to run with any other servlet than the
ServletTestRedirector when secured.

This works:
    <servlet>
        <servlet-name>FrontController</servlet-name>
 
<servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class
>
        <security-role-ref>
            <role-name>my_user</role-name>
            <role-link>my_user</role-link>
        </security-role-ref>
    </servlet>

but when I use one of my own protected servlets as in: 
        <servlet-class>com.somewhere.MyServlet</servlet-class>
it does not.

2)  If the url-pattern name does not match the servlet name, then Cactus
doesn't work.

This works:
    <servlet-mapping>
        <servlet-name>FrontController</servlet-name>
        <url-pattern>/FrontController/*</url-pattern>
    </servlet-mapping> 

This does not:
    <servlet-mapping>
        <servlet-name>FrontController</servlet-name>
        <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>

Of course the <security-constraint> tags have been altered to reflect each
test correctly.  Am I misunderstanding how to use the security feature in
Cactus or are these problems?  Thanks for your help.

Error message in both cases:
java.lang.NullPointerException
at org.apache.cactus.client.AbstractHttpClient.doTest$ajcPostAround10

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

RE: New Authentication feature doesn't appear to work correctly.

Posted by Vincent Massol <vm...@octo.com>.

Nathan,

This is actually not a bug but a feature ...  (hehe ... looks like a
Microsoft moto, isn't it :-)).

The way security works with Cactus 1.3 is by securing _only_ the
ServletRedirector. The servlet you're testing is actually never tested
as a real servlet but as a simple java class (instanciated using a "new"
in the test case). The redirector is acting as a proxy (this is true
also for security). This answers point 1).

WRT point 2), you can user whatever mapping you wish but you need to
tell Cactus what URL to use to call the Redirector. This is done by
editing your cactus.properties file and modifying the URL.

Hope it helps
-Vincent

> -----Original Message-----
> From: Phillips Nathan [mailto:nphillips@pointserve.com]
> Sent: 01 February 2002 21:50
> To: 'cactus-user@jakarta.apache.org'
> Subject: New Authentication feature doesn't appear to work correctly.
> 
> I've been able to get the Basic Security authentication feature in the
> Cactus example to work with my Security Realm.  However, I've not been
> able
> to actually apply it to my own secured servlets.  Only the
> ServletTestRedirector.  I've ran into two major problems which appear
to
> be
> with Cactus.
> 
> 1) I am unable to get the example to run with any other servlet than
the
> ServletTestRedirector when secured.
> 
> This works:
>     <servlet>
>         <servlet-name>FrontController</servlet-name>
> 
>
<servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-
> class
> >
>         <security-role-ref>
>             <role-name>my_user</role-name>
>             <role-link>my_user</role-link>
>         </security-role-ref>
>     </servlet>
> 
> but when I use one of my own protected servlets as in:
>         <servlet-class>com.somewhere.MyServlet</servlet-class>
> it does not.
> 
> 2)  If the url-pattern name does not match the servlet name, then
Cactus
> doesn't work.
> 
> This works:
>     <servlet-mapping>
>         <servlet-name>FrontController</servlet-name>
>         <url-pattern>/FrontController/*</url-pattern>
>     </servlet-mapping>
> 
> This does not:
>     <servlet-mapping>
>         <servlet-name>FrontController</servlet-name>
>         <url-pattern>/servlet/*</url-pattern>
>     </servlet-mapping>
> 
> Of course the <security-constraint> tags have been altered to reflect
each
> test correctly.  Am I misunderstanding how to use the security feature
in
> Cactus or are these problems?  Thanks for your help.
> 
> Error message in both cases:
> java.lang.NullPointerException
> at org.apache.cactus.client.AbstractHttpClient.doTest$ajcPostAround10
> 
> --
> To unsubscribe, e-mail:   <mailto:cactus-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:cactus-user-
> help@jakarta.apache.org>
> 




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>