Hi,

The username and password are fine. I know they might look a bit odd but
they're valid. The user login page of the webapp takes in an e-mail address
and a password. It then posts to a struts action that gets the user id,
based on the email address, encrypts the password and then forwards on to a
page that automatically submits a form called j_security_check with
j_username and j_password set appropriately.

The authentication must be working. Part of the test in question calls an
EJB that does the following check:

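// Identify the caller from the EJB session context (java.security.Principal)
Principal principal = sessionContext.getCallerPrincipal();
String name = principal.getName();
System.out.println("User Id: " + name);
// Reject callers that were never authenticated
if (name.equals("anonymous") || name.equals("guest"))
        throw new PrincipalException("Principal must be authenticated");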

Without the begin method in my test the principal name is "guest" and a
PrincipalException will be thrown. With the begin method the principal name
is "0" (so authentication must have happened) and no exception is thrown.

If I get the time I'll trace through what exactly is going on in the server
and post back to this list. I agree that setting the expected response code
to 500 is dangerous but I can't spend too much more time trying to get my
tests running.

Thanks,

Setanta.



-----Original Message-----
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] 
Sent: 18 November 2004 12:18
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Hi Setanta,

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 11:56:27 -0000,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> I think the password is okay. If I change it to something else I
smathews> get a 403 (forbidden) error response code:

Can you access a secured resource from your browser
with the user account you have coded in the beginA method?

First of all, we need to know an account (id and password)
which is available in the system.


smathews> Now, if I change my begin method to expect a response code of 500
smathews> ...
smathews> 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>       theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>       FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>       fa.setExpectedAuthResponse(500);
smathews>       theRequest.setAuthentication(fa);
smathews> }

I strongly suggest you don't try this approach.
# need some protection logic in setExpectedAuthResponse()?

Regards,
----
Kazuhito SUGURI
mailto:[EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
