[ http://issues.apache.org/jira/browse/GERONIMO-2379?page=comments#action_12433498 ]
            
Paul McMahan commented on GERONIMO-2379:
----------------------------------------

Comments on the patch:

General comment is that many of the prompts use the form's internal variable 
name instead of the display name.  This is confusing, for example, when the 
display name is "Log File" but the form variable name is "auditPath".

Your comment above says:
>  2. For Properties File and Certificate Properties File Realms, validates the 
> usersURI and groupsURI fields. Checks for empty strings.
Looks like this part was left out of the patch.  I can leave both entries blank 
and submit to get a stack trace in the console.

The change to advanced.jsp does not work correctly because if the "Enable 
Auditing" checkbox is not clicked then validateForm() will always return false, 
so the user cannot create a realm unless auditing is enabled.  Also when Enable 
Lockout is selected the extra fields are checked for being numerical but not 
for being empty.

The change to _sql.jsp doesn't work.  If I click the 'Next' button without 
specifying any values I get a stack trace and an empty browser page.

In certain places I get a benign(?) javascript error popup window saying 
something like:
Error: 'userSelect' is undefined followed by a blank browser window.
For example when I am creating a properties file realm.  You should be able to see 
this by selecting "display a notification about every script error" in your 
browser settings.

In MasterLoginModuleInfo.java the "xxx.blankAllowed" property should be trimmed 
before comparison.

> Security Realms portlet - form field validation using javascript
> ----------------------------------------------------------------
>
>                 Key: GERONIMO-2379
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2379
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 1.1.1
>         Environment: WinXP, Sun JDK 1.4.2_08, G-1.1.1-rc1
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.1.2, 1.1.x, 1.2
>
>         Attachments: GERONIMO-2379-removedtabs.patch, GERONIMO-2379.patch
>
>
> Security Realm portlet pages do not perform any field validations before 
> submitting the form.  Some of the fields can be validated using javascript.  
> Even though it is not complete validation of every field, checks can be put 
> in place for non empty strings, non numerical values etc.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
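
An added example, not part of the original message or of the Geronimo patch: one way to structure the advanced.jsp check so that an unticked "Enable Auditing" box does not fail the form, lockout fields are checked for being empty as well as numerical, and prompts use display names. Only "auditPath" and "Log File" come from the comment above; every other field name and label is a hypothetical placeholder.

```javascript
// Added example. Only auditPath / "Log File" appear in the review comment;
// enableAuditing, enableLockout, lockoutCount, lockoutWindow, lockoutDuration
// and their labels are assumed names for illustration.

// Works on a plain object of form values so the logic can be run outside a browser.
function validateAdvanced(values) {
  const errors = [];
  const isBlank = (v) => v === undefined || v === null || String(v).trim() === "";
  const isWholeNumber = (v) => /^\d+$/.test(String(v).trim());

  // Audit fields are only required when the checkbox is ticked.
  // An unticked box skips the check instead of returning false.
  if (values.enableAuditing && isBlank(values.auditPath)) {
    errors.push("Log File must not be empty"); // display name, not "auditPath"
  }

  // Lockout fields: test for empty first, then for numerical.
  if (values.enableLockout) {
    const lockoutFields = [
      ["lockoutCount", "Lockout Count"],
      ["lockoutWindow", "Lockout Window"],
      ["lockoutDuration", "Lockout Duration"],
    ];
    for (const [name, label] of lockoutFields) {
      if (isBlank(values[name])) {
        errors.push(label + " must not be empty");
      } else if (!isWholeNumber(values[name])) {
        errors.push(label + " must be a number");
      }
    }
  }
  return errors;
}

// Boolean wrapper in the shape an onsubmit handler expects.
function validateForm(values) {
  return validateAdvanced(values).length === 0;
}
```

Because a request can reach the portlet without running any script, the same empty and numerical checks have to be repeated on the server so that blank input produces a form error rather than a stack trace.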

        
