[ http://issues.apache.org/jira/browse/GERONIMO-2379?page=comments#action_12433547 ] Vamsavardhana Reddy commented on GERONIMO-2379: -----------------------------------------------
Please note that this JIRA has a dependency on "GERONIMO-2378 Problems in JavaScript validation cod...". Some of the errors observed here will be removed once GERONIMO-2378.patch is applied. Comment: General comment is that many of the prompts use the forms internal variable name instead of the display name. This is confusing, for example, when the display name is "Log File" but the form variable name is "auditPath". Response: To account for this, either the form internal fields need to be changed to match those used in the display. Or pages should introduce a mapping from form internal variable name to the display name. The scope for confusion is less since focus is set to the field that was just invalidated. Comment: > 2. For Properties File and Certificate Properties File Realms, validates the > usersURI and groupsURI fields. Checks for empty strings. Looks like this part was left out of the patch. I can leave both entries blank and submit to get a stack trace in the console. Response: I have observed the errors you have encountered post the the patch. This happens because of page cashing. In order to get past that, please use Shift+reload after page load in the browser you use regularly. Or use a browser that you have never used to access Geronimo console. I do not know if this is a problem due to cache should be addressed in the scope of this JIRA. Comment: The change to advanced.jsp does not work correctly because if the "Enable Auditing" checkbox is not clicked then validateForm() will always return false, so the user cannot create a realm unless auditing is enabled. Response: I have missed this while testing my patch. Will revise the patch to account for this. Comment: Also when Enable Lockout is selected the extra fields are checked for being numerical but not for being empty. Response: The fix for this is in "GERONIMO-2378 Problems in JavaScript validation cod...". That's why I marked the current JIRA as "is blocked by" GERONIMO-2378. Comment: The change to _sql.jsp doesn't work. If I click the 'Next' button without specifying any values I get a stack trace and an empty browser page. Response: Empty browser page is due to an error jacc specs code. See GERONIMO-2376. Comment: In certain places I get a benign javascript error popup window saying something like: Error: 'userSelect' is undefined followed by a blank browser window. Response: The fix for this is in "GERONIMO-2378 Problems in JavaScript validation cod...". That's why I marked the current JIRA as "is blocked by" GERONIMO-2378. Comment: In MasterLoginModuleInfo.java the "xxx.blankAllowed" property should be trimmed before comparison. Response: Will revise the patch to account for this. > Security Realms portlet - form field validation using javascript > ---------------------------------------------------------------- > > Key: GERONIMO-2379 > URL: http://issues.apache.org/jira/browse/GERONIMO-2379 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Components: console > Affects Versions: 1.1.1 > Environment: WinXP, Sun JDK 1.4.2_08, G-1.1.1-rc1 > Reporter: Vamsavardhana Reddy > Fix For: 1.1.2, 1.1.x, 1.2 > > Attachments: GERONIMO-2379-removedtabs.patch, GERONIMO-2379.patch > > > Security Realm portlet pages do not perform any field validations before > submitting the form. Some of the fields can be validated using javascript. > Even though it is not complete validation of every field, checks can be put > in place for non empty strings, non numerical values etc. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
