Hi, The username and password are fine. I know they might look a bit odd but they're valid. The user login page of the webapp takes in an e-mail address and a password. It then posts to a struts action that gets the user id, based on the email address, encrypts the password and then forwards on to a page that automatically submits a form called j_security_check with j_username and j_password set appropriately.
The authentication must be working. Part of the test in question calls an EJB that does the following check: principal = sessionContext.getCallerPrincipal(); name = principal.getName(); System.out.println("User Id: " + name); if (name.equals("anonymous") || name.equals("guest")) throw new PrincipalException("Principal must be authenticated"); Without the begin method in my test the principal name is "guest" and a PrincipalException will be thrown. With the begin method the principal name is "0" (so authentication must have happened) and no exception is thrown. If I get the time I'll trace through what exactly is going on in the server and post back to this list. I agree that setting the expected response code to 500 is dangerous but I can't spend too much more time trying to get my tests running. Thanks, Setanta. -----Original Message----- From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] Sent: 18 November 2004 12:18 To: [EMAIL PROTECTED] Subject: Re: FormAuthentication and Error Code 500 Hi Setanta, In article <[EMAIL PROTECTED]>, Thu, 18 Nov 2004 11:56:27 -0000, Setanta Mathews <[EMAIL PROTECTED]> wrote: smathews> I think the password is okay. If I change it to something else I get a 403 smathews> (forbidden) error response code: Can you access to a secured resource from your browser as a user account you are coded in beginA method? First of all, we need to know an account (id and password) which is available in the system. smathews> Now, if I change by begin method to expect a response code of 500 ... smathews> smathews> public void beginA(WebRequest theRequest) smathews> { smathews> theRequest.setRedirectorName("ServletRedirectorSecure"); smathews> FormAuthentication fa = new FormAuthentication("0", smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M="); smathews> fa.setExpectedAuthResponse(500); smathews> theRequest.setAuthentication(fa); smathews> } I strongly suggest, don't try this approach. # need some protection logic in setExpectedAuthResponse()? Regards, ---- Kazuhito SUGURI mailto:[EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]