RE: FormAuthentication
Hi, To add further the server side exception log says:- 11:56:31,899 ERROR [Engine] StandardWrapperValve[ServletRedirector]: Servlet.service() for servlet ServletRedirector threw exception javax.servlet.ServletException: Missing service name parameter [Cactus_Service] in HTTP request. Received query string is []. at org.apache.cactus.server.AbstractWebTestController.getServiceName(AbstractWe bTestController.java;org/apache/cactus/util/log/LogAspect.aj(1k):205) at org.apache.cactus.server.AbstractWebTestController.handleRequest$ajcPostArou nd7(AbstractWebTestController.java;org/apache/cactus/util/log/LogAspect.aj(1 k):117) at org.apache.cactus.server.AbstractWebTestController.handleRequest$ajcPostArou nd7$ajcVoidWrapper(AbstractWebTestController.java;org/apache/cactus/util/log /LogAspect.aj(1k) ) at org.apache.cactus.server.AbstractWebTestController.handleRequest(AbstractWeb TestController.java;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at org.apache.cactus.server.ServletTestRedirector.doPost$ajcPostAround10(Servle tTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k):125) at org.apache.cactus.server.ServletTestRedirector.doPost$ajcPostAround10$ajcVoi dWrapper(ServletTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj( 1k)) at org.apache.cactus.server.ServletTestRedirector.doPost(ServletTestRedirector. java;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at org.apache.cactus.server.ServletTestRedirector.doGet$ajcPostAround6(ServletT estRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k):96) at org.apache.cactus.server.ServletTestRedirector.doGet$ajcPostAround6$ajcVoidW rapper(ServletTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k )) at org.apache.cactus.server.ServletTestRedirector.doGet(ServletTestRedirector.j ava;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:190) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:475) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:2 46) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java: 1027) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1125 ) at java.lang.Thread.run(Thread.java:536) Pranab -Original Message- From: Dhar,
RE: FormAuthentication
One thing I notice is that cactus connects to http://localhost:8080/ServletRedirector but you have the Tomcat config url pattern as /ServletRedirectorSecure. Try removing the Secure from the end. Make the ServletRedirector servlet a secure resource. (Alternatively, you could add Secure to you cactus.properties file, but I'd say it would be better to remove it.) Let me know if that changes anything. Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 11:47 AM To: 'Cactus Users List' Subject: RE: FormAuthentication Hi Jason, Yes Authentication works. I am using JBoss app server. with user defined security realm/domain where all the users and roles are mapped using users.properties and roles.properties.I can run the servlet straightaway and I am asked to authenticate using a FormLogin.I have been able to set security role-mapping JSP/Servlets-to-EJB.I was trying to write test cases to test Servlet's EJB's with their roles for which I need the JBoss App Server to authenticate and set up Identity/Principal and their roles. Let me know how can I help. Pranab -- JBoss Security Realm login-config.xml:- application-policy name = IDSCONF-REALM !-- A simple server login module, which can be used when the number of users is relatively small. It uses two properties files: WEB-INF/classes/users.properties, which holds users (key) and their password (value). WEB-INF/classes/roles.properties, which holds users (key) and a comma-separated list of their roles (value). The unauthenticatedIdentity property defines the name of the principal that will be used when a null username and password are presented as is the case for an unuathenticated web client or MDB. If you want to allow such users to be authenticated add the property, e.g., unauthenticatedIdentity=nobody -- authentication login-module code = org.jboss.security.auth.spi.UsersRolesLoginModule flag = required module-option name = unauthenticatedIdentityguest/module-option /login-module /authentication /application-policy -- Tomcat Security:- security-constraint web-resource-collection web-resource-nameSecurityRestriction/web-resource-name descriptionProtect the Cactus redirector servlet./description url-pattern/ServletRedirectorSecure/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionAuthorized Users Group/description role-nameidsconf_admin/role-name role-nameidsconf_user/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameIDSCONF-REALM/realm-name form-login-config form-login-page/LoginForm.jsp/form-login-page form-error-page/LoginError.jsp/form-error-page /form-login-config /login-config security-role !-- This role is mapped to EjbRoles using the application deployment descriptor logical roles -- descriptionThe Secure ROLE/description role-nameidsconf_admin/role-name /security-role security-role !-- This role is mapped to EjbRoles using the application deployment descriptor logical roles -- descriptionThe Non Secure ROLE/description role-nameidsconf_user/role-name /security-role -- J2EE application roles:- application .. app jars. security-role !-- This role provides the mapping between Web App roles and Ejb Roles -- descriptionAdministrator Role/description role-nameidsconf_admin/role-name /security-role security-role !-- This role provides the mapping between Web App roles and Ejb Roles -- descriptionUser Role/description role-nameidsconf_user/role-name /security-role security-role !-- This role is an internal role and must not be mapped -- descriptionInternal Role/description role-nameidsconf_internal/role-name /security-role /application JBoss EJB Security mapping jboss.xml jboss security-domainjava:jaas/IDSCONF-REALM/security-domain . entity/session beans jndi mapping container-configurations !-- StatelessSession beans are secure by default -- container-configuration container-nameStandard Stateless SessionBean/container-name
RE: FormAuthentication
I think you've found a problem!
I was unaware that you could change the redirector name in the WebRequest so
I didn't deal with that scenario. If you can, change the authenticate
function to be this (add the WebRequest argument, and then use it to get the
redirector name):
public void authenticate(WebRequest theRequest)
{
//Note: This method needs refactoring. It is too complex.
try
{
// Create a helper that will connect to a restricted resource.
String resource = theRequest.getRedirectorName();
...
and pass theRequest to the authenticate function in configuration method:
if (this.sessionId == null)
{
authenticate(theRequest);
}
and give it a try.
If that fixes things I'll work up a proper patch and submit it.
Good catch!
Jason
-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 1:32 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Jason,
The servlet mapping in WEB-INF/web.xml is
!-- Cactus Servlet Redirectors --
servlet
servlet-nameServletRedirector/servlet-name
servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class
/servlet
servlet
servlet-nameServletRedirectorSecure/servlet-name
servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class
/servlet
two aliases for the same Redirector servlet and the security constraint is
on the
ServletRedirectorSecure alias.
security-constraint
web-resource-collection
web-resource-nameSecurityRestriction/web-resource-name
descriptionProtect the Cactus
redirectorservlet./description
url-pattern/ServletRedirectorSecure/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
descriptionAuthorized Users Group/description
role-nameidsconf_admin/role-name
role-nameidsconf_user/role-name
/auth-constraint
user-data-constraint
transport-guaranteeNONE/transport-guarantee
/user-data-constraint
/security-constraint
cactus.properties contains :-
cactus.contextURL = http://localhost:8080 only
and the testcase sets the redirector by calling :-
theRequest.setRedirectorName(ServletRedirectorSecure);
As long as I set the redirector in the test case it will override the
default redirector.
Then the question is why the default redirector is being used after the
override.
[org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir
ector]
I think I found the problem in cactus code.
I am setting redirector in the class WebRequest.redirectorName whereas the
FormAuthentication is getting the redirector name from the WebConfiguration
interface
implemented by the ServletConfiguration class which reads the redirector
name from
cactus.properties and used the default ServletRedirector if not specified.
The WebRequest wrapper should rather modify the stored configuration
object to
the new Redirector or the Servlet Configuration should check the request
object to get
the modified redirector.
/**
* @param theConfiguration the Cactus configuration
*/
public WebRequest(WebConfiguration theConfiguration)
{
this.configuration = theConfiguration;
}
/**
* Override the redirector Name defined in
codecactus.properties/code.
* This is useful to define a per test case Name (for example, if some
* test case need to have authentication turned on and not other tests,
* etc).
*
* @param theRedirectorName the new redirector Name to use
*/
public void setRedirectorName(String theRedirectorName)
{
this.redirectorName = theRedirectorName;
}
Tell me what you think.
Pranab
-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 12:44 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
One thing I notice is that cactus connects to
http://localhost:8080/ServletRedirector but you have the Tomcat config url
pattern as /ServletRedirectorSecure. Try removing the Secure from the end.
Make the ServletRedirector servlet a secure resource. (Alternatively, you
could add Secure to you cactus.properties file, but I'd say it would be
better to remove it.)
Let me know if that changes anything.
Jason
-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 11:47 AM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Hi Jason,
Yes Authentication works. I am using JBoss app server.
with user defined security realm/domain where all the users and roles are
mapped
using users.properties and roles.properties.I can run the servlet
straightaway and
RE: FormAuthentication
Jason,
I think the resource string should be the URL (
http://localhost:8080/ServletRedirectorSecure )
String resource =
theRequest.getConfiguration().getContextURL()+/+theRequest.getRedirectorUR
L();
Pranab
-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 1:47 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
I think you've found a problem!
I was unaware that you could change the redirector name in the WebRequest so
I didn't deal with that scenario. If you can, change the authenticate
function to be this (add the WebRequest argument, and then use it to get the
redirector name):
public void authenticate(WebRequest theRequest)
{
//Note: This method needs refactoring. It is too complex.
try
{
// Create a helper that will connect to a restricted resource.
String resource = theRequest.getRedirectorName();
...
and pass theRequest to the authenticate function in configuration method:
if (this.sessionId == null)
{
authenticate(theRequest);
}
and give it a try.
If that fixes things I'll work up a proper patch and submit it.
Good catch!
Jason
-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 1:32 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Jason,
The servlet mapping in WEB-INF/web.xml is
!-- Cactus Servlet Redirectors --
servlet
servlet-nameServletRedirector/servlet-name
servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class
/servlet
servlet
servlet-nameServletRedirectorSecure/servlet-name
servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class
/servlet
two aliases for the same Redirector servlet and the security constraint is
on the
ServletRedirectorSecure alias.
security-constraint
web-resource-collection
web-resource-nameSecurityRestriction/web-resource-name
descriptionProtect the Cactus
redirectorservlet./description
url-pattern/ServletRedirectorSecure/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
descriptionAuthorized Users Group/description
role-nameidsconf_admin/role-name
role-nameidsconf_user/role-name
/auth-constraint
user-data-constraint
transport-guaranteeNONE/transport-guarantee
/user-data-constraint
/security-constraint
cactus.properties contains :-
cactus.contextURL = http://localhost:8080 only
and the testcase sets the redirector by calling :-
theRequest.setRedirectorName(ServletRedirectorSecure);
As long as I set the redirector in the test case it will override the
default redirector.
Then the question is why the default redirector is being used after the
override.
[org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir
ector]
I think I found the problem in cactus code.
I am setting redirector in the class WebRequest.redirectorName whereas the
FormAuthentication is getting the redirector name from the WebConfiguration
interface
implemented by the ServletConfiguration class which reads the redirector
name from
cactus.properties and used the default ServletRedirector if not specified.
The WebRequest wrapper should rather modify the stored configuration
object to
the new Redirector or the Servlet Configuration should check the request
object to get
the modified redirector.
/**
* @param theConfiguration the Cactus configuration
*/
public WebRequest(WebConfiguration theConfiguration)
{
this.configuration = theConfiguration;
}
/**
* Override the redirector Name defined in
codecactus.properties/code.
* This is useful to define a per test case Name (for example, if some
* test case need to have authentication turned on and not other tests,
* etc).
*
* @param theRedirectorName the new redirector Name to use
*/
public void setRedirectorName(String theRedirectorName)
{
this.redirectorName = theRedirectorName;
}
Tell me what you think.
Pranab
-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 12:44 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
One thing I notice is that cactus connects to
http://localhost:8080/ServletRedirector but you have the Tomcat config url
pattern as /ServletRedirectorSecure. Try removing the Secure from the end.
Make the ServletRedirector servlet a secure resource. (Alternatively, you
could add Secure to you cactus.properties file, but I'd say it would be
better to remove it.)
Let me know if that changes anything.
Jason
RE: FormAuthentication
Jason,
Sorry for the typo Error in my last post.it should be
getConfiguration().getContextURL()+/+theRequest.getRedirectorName();
I just compiled the code and tested it. I am getting past the authentication
now
but getting stuck somewhere after that. Somewhere down the line the
ServletRedirectorSecure
is getting switched back to ServletRedirector even though I am setting the
URL to a
secured resource.I am getting a Error 404 instead of the regulars output
from the servlet.
Pranab
I added the following in the test code
public void beginBasicAuthentication(WebRequest theRequest) {
theRequest.setURL(localhost:8080, /, /secure/idsconf,
null, null); --
theRequest.addCookie( test, test );
theRequest.setRedirectorName(ServletRedirectorSecure);
theRequest.setAuthentication( new
FormAuthentication(admin, admin));
}
public void testBasicAuthentication() {
try {
idsconfServlet servlet = new
idsconfServlet();--
servlet.init(this.config);--
servlet.doGet(this.request,this.response);--
assertEquals(admin,
request.getUserPrincipal().getName());
assertEquals(admin,
request.getRemoteUser());
assertTrue(User not in 'admin' role,
request.isUserInRole(admin));
} catch (ServletException e) {
log.error(e);
} catch (IOException e) {
log.error(e);
}
}
Debug LOG
15:25:40,563 [main] DEBUG util.UrlUtil-
getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te
stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost
%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.
servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht
tpCactus_Service=CALL_TEST])
15:25:40,563 [main] DEBUG util.UrlUtil- getPath =
[/ServletRedirectorSecure]
15:25:40,563 [main] DEBUG util.UrlUtil-
getQuery([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=t
estBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhos
t%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids
.servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=h
ttpCactus_Service=CALL_TEST])
15:25:40,563 [main] DEBUG util.UrlUtil- getQuery =
[Cactus_TestMethod=testBasicAuthenticationCactus_URL_ContextPath=%2FCactus
_URL_Server=localhost%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCact
us_TestClass=com.ids.servlet.TestLoginServletCactus_AutomaticSession=trueC
actus_URL_Protocol=httpCactus_Service=CALL_TEST]
15:25:40,563 [main] DEBUG ent.HttpClientConnectionHelper -
getCookieString([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
= [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67],
domain = [localhost], path = [null], isSecure = [false], comment = [null],
expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod]
= [[testBasicAuthentication]]][[Cactus_URL_ContextPath] =
[[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =
[[/secure/idsconf]]][[Cactus_TestClass] =
[[com.ids.servlet.TestLoginServlet]]][[Cactus_AutomaticSession] =
[[true]]][[Cactus_URL_Protocol] = [[http]]][[Cactus_Service] =
[[CALL_TEST, POST parameters = []],
[http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=testBasicAu
thenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost%3A8080C
actus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.servlet.T
estLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=httpCactus
_Service=CALL_TEST])
15:25:40,563 [main] DEBUG cactus.Cookie -
getCookiePath([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
= [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67],
domain = [localhost], path = [null], isSecure = [false], comment = [null],
expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod]
= [[testBasicAuthentication]]][[Cactus_URL_ContextPath] =
[[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =
configuring struts1.0 with lateste version of cactus
Hi I am finding problems in configuring Jakarta struts 1.0 with cactus latest version.because the package name has changed in ths latest version of cactus...Do i have to use struts1.1B with latest version of cactus to overcome that?Or is there any fix?anyway i want to use latest version of cactus. -- To unsubscribe, e-mail: mailto:cactus-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:cactus-user-help;jakarta.apache.org
RE: FormAuthentication
Yes, you're correct with the need to get the context URL as well.
As for the rest of it, I'm not sure. I'll try looking at the log again, but
there's a lot of information there!
Jason
-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 3:43 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Jason,
Sorry for the typo Error in my last post.it should be
getConfiguration().getContextURL()+/+theRequest.getRedirectorName();
I just compiled the code and tested it. I am getting past the authentication
now
but getting stuck somewhere after that. Somewhere down the line the
ServletRedirectorSecure
is getting switched back to ServletRedirector even though I am setting the
URL to a
secured resource.I am getting a Error 404 instead of the regulars output
from the servlet.
Pranab
I added the following in the test code
public void beginBasicAuthentication(WebRequest theRequest) {
theRequest.setURL(localhost:8080, /, /secure/idsconf,
null, null); --
theRequest.addCookie( test, test );
theRequest.setRedirectorName(ServletRedirectorSecure);
theRequest.setAuthentication( new
FormAuthentication(admin, admin));
}
public void testBasicAuthentication() {
try {
idsconfServlet servlet = new
idsconfServlet();--
servlet.init(this.config);--
servlet.doGet(this.request,this.response);--
assertEquals(admin,
request.getUserPrincipal().getName());
assertEquals(admin,
request.getRemoteUser());
assertTrue(User not in 'admin' role,
request.isUserInRole(admin));
} catch (ServletException e) {
log.error(e);
} catch (IOException e) {
log.error(e);
}
}
Debug LOG
15:25:40,563 [main] DEBUG util.UrlUtil-
getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te
stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost
%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.
servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht
tpCactus_Service=CALL_TEST])
15:25:40,563 [main] DEBUG util.UrlUtil- getPath =
[/ServletRedirectorSecure]
15:25:40,563 [main] DEBUG util.UrlUtil-
getQuery([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=t
estBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhos
t%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids
.servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=h
ttpCactus_Service=CALL_TEST])
15:25:40,563 [main] DEBUG util.UrlUtil- getQuery =
[Cactus_TestMethod=testBasicAuthenticationCactus_URL_ContextPath=%2FCactus
_URL_Server=localhost%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCact
us_TestClass=com.ids.servlet.TestLoginServletCactus_AutomaticSession=trueC
actus_URL_Protocol=httpCactus_Service=CALL_TEST]
15:25:40,563 [main] DEBUG ent.HttpClientConnectionHelper -
getCookieString([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
= [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67],
domain = [localhost], path = [null], isSecure = [false], comment = [null],
expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod]
= [[testBasicAuthentication]]][[Cactus_URL_ContextPath] =
[[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =
[[/secure/idsconf]]][[Cactus_TestClass] =
[[com.ids.servlet.TestLoginServlet]]][[Cactus_AutomaticSession] =
[[true]]][[Cactus_URL_Protocol] = [[http]]][[Cactus_Service] =
[[CALL_TEST, POST parameters = []],
[http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=testBasicAu
thenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost%3A8080C
actus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.servlet.T
estLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=httpCactus
_Service=CALL_TEST])
15:25:40,563 [main] DEBUG cactus.Cookie -
getCookiePath([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
RE: FormAuthentication
Jason,
I found the Redirector change happening at function
(AbstractHttpClient.java)
private WebTestResult callGetResult(
AbstractAuthentication theAuthentication) throws Throwable
{
WebRequest resultsRequest = new WebRequest(this.configuration); ---
here
// Add authentication details
if (theAuthentication != null)
{
resultsRequest.setAuthentication(theAuthentication);
}
// Open the second connection to get the test results
ConnectionHelper helper = ConnectionHelperFactory.getConnectionHelper(
getRedirectorURL(resultsRequest), this.configuration);
The ServletConfiguration does not contain the redirector set in WebRequest
object
instead it loads it default redirector from the cactus.properties.
this.configuration is coming from new Configuration being initialized in
ServletTestCase class
* see AbstractTestCase#createConfiguration()
*/
protected Configuration createConfiguration()
{
return new ServletConfiguration();
}
When the user sets the redirector in Webrequest that never gets updated in
the configuration.
So when getRedirectorURL() gets called in AbstractHttpClient.java which is
actually implemented
in ServletHttpClient.java as
protected String getRedirectorURL(WebRequest theRequest)
{
String url;
// Check if user has overriden the servlet redirector
if (theRequest.getRedirectorName() != null)
{
url = this.configuration.getContextURL() + /
+ theRequest.getRedirectorName();
}
else
{
url = this.configuration.getRedirectorURL();
}
return url;
}
The theRequest parameter being a newly intialized WebRequest object does not
have the
redirector set from the old request object used for Form Authentication.
Hence callResult function never goes to the Secured Servlet Redirector used
earlier to run the test.
I am not too sure if the unsecured redirector will be able to return the
results.
Maybe cactus guru's will know the answer to this design.
Pranab
-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 6:20 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Yes, you're correct with the need to get the context URL as well.
As for the rest of it, I'm not sure. I'll try looking at the log again, but
there's a lot of information there!
Jason
-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 3:43 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication
Jason,
Sorry for the typo Error in my last post.it should be
getConfiguration().getContextURL()+/+theRequest.getRedirectorName();
I just compiled the code and tested it. I am getting past the authentication
now
but getting stuck somewhere after that. Somewhere down the line the
ServletRedirectorSecure
is getting switched back to ServletRedirector even though I am setting the
URL to a
secured resource.I am getting a Error 404 instead of the regulars output
from the servlet.
Pranab
I added the following in the test code
public void beginBasicAuthentication(WebRequest theRequest) {
theRequest.setURL(localhost:8080, /, /secure/idsconf,
null, null); --
theRequest.addCookie( test, test );
theRequest.setRedirectorName(ServletRedirectorSecure);
theRequest.setAuthentication( new
FormAuthentication(admin, admin));
}
public void testBasicAuthentication() {
try {
idsconfServlet servlet = new
idsconfServlet();--
servlet.init(this.config);--
servlet.doGet(this.request,this.response);--
assertEquals(admin,
request.getUserPrincipal().getName());
assertEquals(admin,
request.getRemoteUser());
assertTrue(User not in 'admin' role,
request.isUserInRole(admin));
} catch (ServletException e) {
log.error(e);
} catch (IOException e) {
log.error(e);
}
}
Debug LOG
15:25:40,563 [main] DEBUG util.UrlUtil-
getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te
stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost
%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.
servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht
tpCactus_Service=CALL_TEST])
15:25:40,563 [main] DEBUG util.UrlUtil- getPath =
[/ServletRedirectorSecure]
15:25:40,563 [main] DEBUG util.UrlUtil-
