Hi Ankur,

I see, you are using ServletTestRunner.

Have you configured the ServletRedirectorSecure to be secured?
Please confirm your web.xml.


I have traced the form authentication sequence of Cactus-1.5.
The sequence was as follows:
(1) C->S [connect to protected ServletRedirector to start authentication]
        GET /target-app/ServletRedirectorSecure HTTP/1.1
(2) S->C [redirect to (or return) the login form page]
        HTTP/1.1 302 Moved Temporarily
        set-cookie: ....
        Location: http://localhost:8080/target-app/login.jsp
(3) C->S [send credentials to server]
        POST /target-app/j_session_check HTTP/1.1
        Cookie: ....
(4) S->C [if authentication succeeds, redirect to the protected resource]
        HTTP/1.1 302 Moved Temporarily
(5) C->S [start to test as normal ServletRedirector does]
        GET /target-app/ServletRedirectorSecure?Cactus_Service=... HTTP/1.1
        Cookie: ....


If the ServletRedirectorSecure is not protected,
the request of step (1) will be passed to the ServletRedirectorSecure
without a query. This causes the first exception:
ankur.kumar> 18/02/2004 16:31:40> <Error> <HTTP> <101018> 
ankur.kumar> <[ServletContext(id=502084,name=stockportal,context-path=/eservice)] Servl
ankur.kumar> t failed with ServletException
ankur.kumar> avax.servlet.ServletException: Missing service name parameter 
ankur.kumar> [Cactus_Service] in HTTP request. Received query string i
ankur.kumar>  [].

At this point, step (2) of the sequence changes to
(2') S->C [failed]
        HTTP/1.1 500 Internal Server Error
However, Cactus's authentication process (of FormAuthentication)
does not care about that, i.e. the response status is ignored
and it proceeds to the next step.


Before connecting to the server at step (3), the response of step (2')
is examined to find a set-cookie header field to set JSESSIONID,
which is expected to exist if the sequence has proceeded successfully.
For the failed step (2), however, the header field may not exist.
Then the second exception may be reported:
ankur.kumar> 004/02/18 16:31:40:911 EST [DEBUG] ClientTestCaseCaller - -Exception in 
ankur.kumar> test <org.apache.cactus.util.ChainedRuntimeExce
ankur.kumar> tion: Failed to authenticate the 
ankur.kumar> principal>org.apache.cactus.util.ChainedRuntimeException: Failed to 
ankur.kumar> authenticate the p
ankur.kumar> incipal
[...]
ankur.kumar> ava.lang.NullPointerException: missing cookie name
ankur.kumar>        at org.apache.cactus.Cookie.<init>(Cookie.java:95)


The Cactus source code (FormAuthentication#authenticate) and an IP packet monitor
will help you more.


I hope this helps you.
----
Kazuhito SUGURI
mailto:[EMAIL PROTECTED]
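
The check that the message above says is skipped between steps (2) and (3), written out as an added example; it is not Cactus code and not part of the original message. The class name `FormAuthPreflight`, the method `diagnose` and the sample responses are hypothetical and constructed for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class FormAuthPreflight {

    /** Diagnose the step (2) response; returns "OK" or a description of what went wrong. */
    static String diagnose(int status, Map<String, List<String>> headers) {
        // Header names are case-insensitive (the trace shows "set-cookie"); skip null keys.
        Map<String, List<String>> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.forEach((k, v) -> { if (k != null) h.put(k, v); });

        // Step (2'): the redirector ran unprotected and failed on the missing Cactus_Service.
        if (status >= 400) {
            return "status " + status + ": no login challenge; check that the redirector "
                 + "URL is covered by a security constraint in web.xml";
        }
        // A protected resource answers with a redirect to (or the body of) the login form.
        if (status != 302 && status != 200) {
            return "unexpected status " + status + " for a form-login challenge";
        }
        // Step (3) needs the session cookie: require a JSESSIONID with a non-empty value.
        for (String value : h.getOrDefault("Set-Cookie", List.of())) {
            String pair = value.split(";", 2)[0].trim();
            int eq = pair.indexOf('=');
            if (eq > 0 && eq < pair.length() - 1
                    && pair.substring(0, eq).trim().equals("JSESSIONID")) {
                return "OK";
            }
        }
        return "no JSESSIONID in Set-Cookie: session not started, do not send credentials";
    }

    public static void main(String[] args) {
        // Constructed sample responses modelled on steps (2) and (2') of the trace.
        Map<String, List<String>> challenge = Map.of(
            "set-cookie", List.of("JSESSIONID=abc123; Path=/target-app"),
            "Location", List.of("http://localhost:8080/target-app/login.jsp"));
        Map<String, List<String>> failed = Map.of("Content-Type", List.of("text/html"));

        System.out.println("(2)  -> " + diagnose(302, challenge));
        System.out.println("(2') -> " + diagnose(500, failed));
        System.out.println("302 without cookie -> " + diagnose(302, failed));
    }
}
```

Running it against the 500 response reports the unprotected redirector directly, instead of the later `NullPointerException: missing cookie name`.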
