RE: FormAuthentication
Hi, To add further the server side exception log says:- 11:56:31,899 ERROR [Engine] StandardWrapperValve[ServletRedirector]: Servlet.service() for servlet ServletRedirector threw exception javax.servlet.ServletException: Missing service name parameter [Cactus_Service] in HTTP request. Received query string is []. at org.apache.cactus.server.AbstractWebTestController.getServiceName(AbstractWe bTestController.java;org/apache/cactus/util/log/LogAspect.aj(1k):205) at org.apache.cactus.server.AbstractWebTestController.handleRequest$ajcPostArou nd7(AbstractWebTestController.java;org/apache/cactus/util/log/LogAspect.aj(1 k):117) at org.apache.cactus.server.AbstractWebTestController.handleRequest$ajcPostArou nd7$ajcVoidWrapper(AbstractWebTestController.java;org/apache/cactus/util/log /LogAspect.aj(1k) ) at org.apache.cactus.server.AbstractWebTestController.handleRequest(AbstractWeb TestController.java;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at org.apache.cactus.server.ServletTestRedirector.doPost$ajcPostAround10(Servle tTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k):125) at org.apache.cactus.server.ServletTestRedirector.doPost$ajcPostAround10$ajcVoi dWrapper(ServletTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj( 1k)) at org.apache.cactus.server.ServletTestRedirector.doPost(ServletTestRedirector. java;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at org.apache.cactus.server.ServletTestRedirector.doGet$ajcPostAround6(ServletT estRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k):96) at org.apache.cactus.server.ServletTestRedirector.doGet$ajcPostAround6$ajcVoidW rapper(ServletTestRedirector.java;org/apache/cactus/util/log/LogAspect.aj(1k )) at org.apache.cactus.server.ServletTestRedirector.doGet(ServletTestRedirector.j ava;org/apache/cactus/util/log/LogAspect.aj(1k):1151) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:190) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:475) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:2 46) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2347) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:468) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java: 1027) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1125 ) at java.lang.Thread.run(Thread.java:536) Pranab -Original Message- From: Dhar,
RE: FormAuthentication
One thing I notice is that cactus connects to http://localhost:8080/ServletRedirector but you have the Tomcat config url pattern as /ServletRedirectorSecure. Try removing the Secure from the end. Make the ServletRedirector servlet a secure resource. (Alternatively, you could add Secure to you cactus.properties file, but I'd say it would be better to remove it.) Let me know if that changes anything. Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 11:47 AM To: 'Cactus Users List' Subject: RE: FormAuthentication Hi Jason, Yes Authentication works. I am using JBoss app server. with user defined security realm/domain where all the users and roles are mapped using users.properties and roles.properties.I can run the servlet straightaway and I am asked to authenticate using a FormLogin.I have been able to set security role-mapping JSP/Servlets-to-EJB.I was trying to write test cases to test Servlet's EJB's with their roles for which I need the JBoss App Server to authenticate and set up Identity/Principal and their roles. Let me know how can I help. Pranab -- JBoss Security Realm login-config.xml:- application-policy name = IDSCONF-REALM !-- A simple server login module, which can be used when the number of users is relatively small. It uses two properties files: WEB-INF/classes/users.properties, which holds users (key) and their password (value). WEB-INF/classes/roles.properties, which holds users (key) and a comma-separated list of their roles (value). The unauthenticatedIdentity property defines the name of the principal that will be used when a null username and password are presented as is the case for an unuathenticated web client or MDB. If you want to allow such users to be authenticated add the property, e.g., unauthenticatedIdentity=nobody -- authentication login-module code = org.jboss.security.auth.spi.UsersRolesLoginModule flag = required module-option name = unauthenticatedIdentityguest/module-option /login-module /authentication /application-policy -- Tomcat Security:- security-constraint web-resource-collection web-resource-nameSecurityRestriction/web-resource-name descriptionProtect the Cactus redirector servlet./description url-pattern/ServletRedirectorSecure/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionAuthorized Users Group/description role-nameidsconf_admin/role-name role-nameidsconf_user/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameIDSCONF-REALM/realm-name form-login-config form-login-page/LoginForm.jsp/form-login-page form-error-page/LoginError.jsp/form-error-page /form-login-config /login-config security-role !-- This role is mapped to EjbRoles using the application deployment descriptor logical roles -- descriptionThe Secure ROLE/description role-nameidsconf_admin/role-name /security-role security-role !-- This role is mapped to EjbRoles using the application deployment descriptor logical roles -- descriptionThe Non Secure ROLE/description role-nameidsconf_user/role-name /security-role -- J2EE application roles:- application .. app jars. security-role !-- This role provides the mapping between Web App roles and Ejb Roles -- descriptionAdministrator Role/description role-nameidsconf_admin/role-name /security-role security-role !-- This role provides the mapping between Web App roles and Ejb Roles -- descriptionUser Role/description role-nameidsconf_user/role-name /security-role security-role !-- This role is an internal role and must not be mapped -- descriptionInternal Role/description role-nameidsconf_internal/role-name /security-role /application JBoss EJB Security mapping jboss.xml jboss security-domainjava:jaas/IDSCONF-REALM/security-domain . entity/session beans jndi mapping container-configurations !-- StatelessSession beans are secure by default -- container-configuration container-nameStandard Stateless SessionBean/container-name
RE: FormAuthentication
I think you've found a problem! I was unaware that you could change the redirector name in the WebRequest so I didn't deal with that scenario. If you can, change the authenticate function to be this (add the WebRequest argument, and then use it to get the redirector name): public void authenticate(WebRequest theRequest) { //Note: This method needs refactoring. It is too complex. try { // Create a helper that will connect to a restricted resource. String resource = theRequest.getRedirectorName(); ... and pass theRequest to the authenticate function in configuration method: if (this.sessionId == null) { authenticate(theRequest); } and give it a try. If that fixes things I'll work up a proper patch and submit it. Good catch! Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 1:32 PM To: 'Cactus Users List' Subject: RE: FormAuthentication Jason, The servlet mapping in WEB-INF/web.xml is !-- Cactus Servlet Redirectors -- servlet servlet-nameServletRedirector/servlet-name servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class /servlet servlet servlet-nameServletRedirectorSecure/servlet-name servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class /servlet two aliases for the same Redirector servlet and the security constraint is on the ServletRedirectorSecure alias. security-constraint web-resource-collection web-resource-nameSecurityRestriction/web-resource-name descriptionProtect the Cactus redirectorservlet./description url-pattern/ServletRedirectorSecure/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionAuthorized Users Group/description role-nameidsconf_admin/role-name role-nameidsconf_user/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint cactus.properties contains :- cactus.contextURL = http://localhost:8080 only and the testcase sets the redirector by calling :- theRequest.setRedirectorName(ServletRedirectorSecure); As long as I set the redirector in the test case it will override the default redirector. Then the question is why the default redirector is being used after the override. [org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir ector] I think I found the problem in cactus code. I am setting redirector in the class WebRequest.redirectorName whereas the FormAuthentication is getting the redirector name from the WebConfiguration interface implemented by the ServletConfiguration class which reads the redirector name from cactus.properties and used the default ServletRedirector if not specified. The WebRequest wrapper should rather modify the stored configuration object to the new Redirector or the Servlet Configuration should check the request object to get the modified redirector. /** * @param theConfiguration the Cactus configuration */ public WebRequest(WebConfiguration theConfiguration) { this.configuration = theConfiguration; } /** * Override the redirector Name defined in codecactus.properties/code. * This is useful to define a per test case Name (for example, if some * test case need to have authentication turned on and not other tests, * etc). * * @param theRedirectorName the new redirector Name to use */ public void setRedirectorName(String theRedirectorName) { this.redirectorName = theRedirectorName; } Tell me what you think. Pranab -Original Message- From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com] Sent: Friday, October 25, 2002 12:44 PM To: 'Cactus Users List' Subject: RE: FormAuthentication One thing I notice is that cactus connects to http://localhost:8080/ServletRedirector but you have the Tomcat config url pattern as /ServletRedirectorSecure. Try removing the Secure from the end. Make the ServletRedirector servlet a secure resource. (Alternatively, you could add Secure to you cactus.properties file, but I'd say it would be better to remove it.) Let me know if that changes anything. Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 11:47 AM To: 'Cactus Users List' Subject: RE: FormAuthentication Hi Jason, Yes Authentication works. I am using JBoss app server. with user defined security realm/domain where all the users and roles are mapped using users.properties and roles.properties.I can run the servlet straightaway and
RE: FormAuthentication
Jason, I think the resource string should be the URL ( http://localhost:8080/ServletRedirectorSecure ) String resource = theRequest.getConfiguration().getContextURL()+/+theRequest.getRedirectorUR L(); Pranab -Original Message- From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com] Sent: Friday, October 25, 2002 1:47 PM To: 'Cactus Users List' Subject: RE: FormAuthentication I think you've found a problem! I was unaware that you could change the redirector name in the WebRequest so I didn't deal with that scenario. If you can, change the authenticate function to be this (add the WebRequest argument, and then use it to get the redirector name): public void authenticate(WebRequest theRequest) { //Note: This method needs refactoring. It is too complex. try { // Create a helper that will connect to a restricted resource. String resource = theRequest.getRedirectorName(); ... and pass theRequest to the authenticate function in configuration method: if (this.sessionId == null) { authenticate(theRequest); } and give it a try. If that fixes things I'll work up a proper patch and submit it. Good catch! Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 1:32 PM To: 'Cactus Users List' Subject: RE: FormAuthentication Jason, The servlet mapping in WEB-INF/web.xml is !-- Cactus Servlet Redirectors -- servlet servlet-nameServletRedirector/servlet-name servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class /servlet servlet servlet-nameServletRedirectorSecure/servlet-name servlet-classorg.apache.cactus.server.ServletTestRedirector/servlet-class /servlet two aliases for the same Redirector servlet and the security constraint is on the ServletRedirectorSecure alias. security-constraint web-resource-collection web-resource-nameSecurityRestriction/web-resource-name descriptionProtect the Cactus redirectorservlet./description url-pattern/ServletRedirectorSecure/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionAuthorized Users Group/description role-nameidsconf_admin/role-name role-nameidsconf_user/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint cactus.properties contains :- cactus.contextURL = http://localhost:8080 only and the testcase sets the redirector by calling :- theRequest.setRedirectorName(ServletRedirectorSecure); As long as I set the redirector in the test case it will override the default redirector. Then the question is why the default redirector is being used after the override. [org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir ector] I think I found the problem in cactus code. I am setting redirector in the class WebRequest.redirectorName whereas the FormAuthentication is getting the redirector name from the WebConfiguration interface implemented by the ServletConfiguration class which reads the redirector name from cactus.properties and used the default ServletRedirector if not specified. The WebRequest wrapper should rather modify the stored configuration object to the new Redirector or the Servlet Configuration should check the request object to get the modified redirector. /** * @param theConfiguration the Cactus configuration */ public WebRequest(WebConfiguration theConfiguration) { this.configuration = theConfiguration; } /** * Override the redirector Name defined in codecactus.properties/code. * This is useful to define a per test case Name (for example, if some * test case need to have authentication turned on and not other tests, * etc). * * @param theRedirectorName the new redirector Name to use */ public void setRedirectorName(String theRedirectorName) { this.redirectorName = theRedirectorName; } Tell me what you think. Pranab -Original Message- From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com] Sent: Friday, October 25, 2002 12:44 PM To: 'Cactus Users List' Subject: RE: FormAuthentication One thing I notice is that cactus connects to http://localhost:8080/ServletRedirector but you have the Tomcat config url pattern as /ServletRedirectorSecure. Try removing the Secure from the end. Make the ServletRedirector servlet a secure resource. (Alternatively, you could add Secure to you cactus.properties file, but I'd say it would be better to remove it.) Let me know if that changes anything. Jason
RE: FormAuthentication
Jason, Sorry for the typo Error in my last post.it should be getConfiguration().getContextURL()+/+theRequest.getRedirectorName(); I just compiled the code and tested it. I am getting past the authentication now but getting stuck somewhere after that. Somewhere down the line the ServletRedirectorSecure is getting switched back to ServletRedirector even though I am setting the URL to a secured resource.I am getting a Error 404 instead of the regulars output from the servlet. Pranab I added the following in the test code public void beginBasicAuthentication(WebRequest theRequest) { theRequest.setURL(localhost:8080, /, /secure/idsconf, null, null); -- theRequest.addCookie( test, test ); theRequest.setRedirectorName(ServletRedirectorSecure); theRequest.setAuthentication( new FormAuthentication(admin, admin)); } public void testBasicAuthentication() { try { idsconfServlet servlet = new idsconfServlet();-- servlet.init(this.config);-- servlet.doGet(this.request,this.response);-- assertEquals(admin, request.getUserPrincipal().getName()); assertEquals(admin, request.getRemoteUser()); assertTrue(User not in 'admin' role, request.isUserInRole(admin)); } catch (ServletException e) { log.error(e); } catch (IOException e) { log.error(e); } } Debug LOG 15:25:40,563 [main] DEBUG util.UrlUtil- getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost %3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids. servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht tpCactus_Service=CALL_TEST]) 15:25:40,563 [main] DEBUG util.UrlUtil- getPath = [/ServletRedirectorSecure] 15:25:40,563 [main] DEBUG util.UrlUtil- getQuery([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=t estBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhos t%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids .servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=h ttpCactus_Service=CALL_TEST]) 15:25:40,563 [main] DEBUG util.UrlUtil- getQuery = [Cactus_TestMethod=testBasicAuthenticationCactus_URL_ContextPath=%2FCactus _URL_Server=localhost%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCact us_TestClass=com.ids.servlet.TestLoginServletCactus_AutomaticSession=trueC actus_URL_Protocol=httpCactus_Service=CALL_TEST] 15:25:40,563 [main] DEBUG ent.HttpClientConnectionHelper - getCookieString([simulation URL = [protocol = [http], host name = [localhost], port = [8080], context path = [/], servlet path = [/secure/idsconf], path info = [null], query string = [null]], automatic session = [true], cookies = [[name = [test], value = [test], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod] = [[testBasicAuthentication]]][[Cactus_URL_ContextPath] = [[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] = [[/secure/idsconf]]][[Cactus_TestClass] = [[com.ids.servlet.TestLoginServlet]]][[Cactus_AutomaticSession] = [[true]]][[Cactus_URL_Protocol] = [[http]]][[Cactus_Service] = [[CALL_TEST, POST parameters = []], [http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=testBasicAu thenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost%3A8080C actus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.servlet.T estLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=httpCactus _Service=CALL_TEST]) 15:25:40,563 [main] DEBUG cactus.Cookie - getCookiePath([simulation URL = [protocol = [http], host name = [localhost], port = [8080], context path = [/], servlet path = [/secure/idsconf], path info = [null], query string = [null]], automatic session = [true], cookies = [[name = [test], value = [test], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod] = [[testBasicAuthentication]]][[Cactus_URL_ContextPath] = [[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =
configuring struts1.0 with lateste version of cactus
Hi I am finding problems in configuring Jakarta struts 1.0 with cactus latest version.because the package name has changed in ths latest version of cactus...Do i have to use struts1.1B with latest version of cactus to overcome that?Or is there any fix?anyway i want to use latest version of cactus. -- To unsubscribe, e-mail: mailto:cactus-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:cactus-user-help;jakarta.apache.org
RE: FormAuthentication
Yes, you're correct with the need to get the context URL as well. As for the rest of it, I'm not sure. I'll try looking at the log again, but there's a lot of information there! Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 3:43 PM To: 'Cactus Users List' Subject: RE: FormAuthentication Jason, Sorry for the typo Error in my last post.it should be getConfiguration().getContextURL()+/+theRequest.getRedirectorName(); I just compiled the code and tested it. I am getting past the authentication now but getting stuck somewhere after that. Somewhere down the line the ServletRedirectorSecure is getting switched back to ServletRedirector even though I am setting the URL to a secured resource.I am getting a Error 404 instead of the regulars output from the servlet. Pranab I added the following in the test code public void beginBasicAuthentication(WebRequest theRequest) { theRequest.setURL(localhost:8080, /, /secure/idsconf, null, null); -- theRequest.addCookie( test, test ); theRequest.setRedirectorName(ServletRedirectorSecure); theRequest.setAuthentication( new FormAuthentication(admin, admin)); } public void testBasicAuthentication() { try { idsconfServlet servlet = new idsconfServlet();-- servlet.init(this.config);-- servlet.doGet(this.request,this.response);-- assertEquals(admin, request.getUserPrincipal().getName()); assertEquals(admin, request.getRemoteUser()); assertTrue(User not in 'admin' role, request.isUserInRole(admin)); } catch (ServletException e) { log.error(e); } catch (IOException e) { log.error(e); } } Debug LOG 15:25:40,563 [main] DEBUG util.UrlUtil- getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost %3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids. servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht tpCactus_Service=CALL_TEST]) 15:25:40,563 [main] DEBUG util.UrlUtil- getPath = [/ServletRedirectorSecure] 15:25:40,563 [main] DEBUG util.UrlUtil- getQuery([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=t estBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhos t%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids .servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=h ttpCactus_Service=CALL_TEST]) 15:25:40,563 [main] DEBUG util.UrlUtil- getQuery = [Cactus_TestMethod=testBasicAuthenticationCactus_URL_ContextPath=%2FCactus _URL_Server=localhost%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCact us_TestClass=com.ids.servlet.TestLoginServletCactus_AutomaticSession=trueC actus_URL_Protocol=httpCactus_Service=CALL_TEST] 15:25:40,563 [main] DEBUG ent.HttpClientConnectionHelper - getCookieString([simulation URL = [protocol = [http], host name = [localhost], port = [8080], context path = [/], servlet path = [/secure/idsconf], path info = [null], query string = [null]], automatic session = [true], cookies = [[name = [test], value = [test], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod] = [[testBasicAuthentication]]][[Cactus_URL_ContextPath] = [[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] = [[/secure/idsconf]]][[Cactus_TestClass] = [[com.ids.servlet.TestLoginServlet]]][[Cactus_AutomaticSession] = [[true]]][[Cactus_URL_Protocol] = [[http]]][[Cactus_Service] = [[CALL_TEST, POST parameters = []], [http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=testBasicAu thenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost%3A8080C actus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.servlet.T estLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=httpCactus _Service=CALL_TEST]) 15:25:40,563 [main] DEBUG cactus.Cookie - getCookiePath([simulation URL = [protocol = [http], host name = [localhost], port = [8080], context path = [/], servlet path = [/secure/idsconf], path info = [null], query string = [null]], automatic session = [true], cookies = [[name = [test], value = [test], domain = [localhost], path = [null], isSecure = [false], comment = [null], expiryDate
RE: FormAuthentication
Jason, I found the Redirector change happening at function (AbstractHttpClient.java) private WebTestResult callGetResult( AbstractAuthentication theAuthentication) throws Throwable { WebRequest resultsRequest = new WebRequest(this.configuration); --- here // Add authentication details if (theAuthentication != null) { resultsRequest.setAuthentication(theAuthentication); } // Open the second connection to get the test results ConnectionHelper helper = ConnectionHelperFactory.getConnectionHelper( getRedirectorURL(resultsRequest), this.configuration); The ServletConfiguration does not contain the redirector set in WebRequest object instead it loads it default redirector from the cactus.properties. this.configuration is coming from new Configuration being initialized in ServletTestCase class * see AbstractTestCase#createConfiguration() */ protected Configuration createConfiguration() { return new ServletConfiguration(); } When the user sets the redirector in Webrequest that never gets updated in the configuration. So when getRedirectorURL() gets called in AbstractHttpClient.java which is actually implemented in ServletHttpClient.java as protected String getRedirectorURL(WebRequest theRequest) { String url; // Check if user has overriden the servlet redirector if (theRequest.getRedirectorName() != null) { url = this.configuration.getContextURL() + / + theRequest.getRedirectorName(); } else { url = this.configuration.getRedirectorURL(); } return url; } The theRequest parameter being a newly intialized WebRequest object does not have the redirector set from the old request object used for Form Authentication. Hence callResult function never goes to the Secured Servlet Redirector used earlier to run the test. I am not too sure if the unsecured redirector will be able to return the results. Maybe cactus guru's will know the answer to this design. Pranab -Original Message- From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com] Sent: Friday, October 25, 2002 6:20 PM To: 'Cactus Users List' Subject: RE: FormAuthentication Yes, you're correct with the need to get the context URL as well. As for the rest of it, I'm not sure. I'll try looking at the log again, but there's a lot of information there! Jason -Original Message- From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US] Sent: Friday, October 25, 2002 3:43 PM To: 'Cactus Users List' Subject: RE: FormAuthentication Jason, Sorry for the typo Error in my last post.it should be getConfiguration().getContextURL()+/+theRequest.getRedirectorName(); I just compiled the code and tested it. I am getting past the authentication now but getting stuck somewhere after that. Somewhere down the line the ServletRedirectorSecure is getting switched back to ServletRedirector even though I am setting the URL to a secured resource.I am getting a Error 404 instead of the regulars output from the servlet. Pranab I added the following in the test code public void beginBasicAuthentication(WebRequest theRequest) { theRequest.setURL(localhost:8080, /, /secure/idsconf, null, null); -- theRequest.addCookie( test, test ); theRequest.setRedirectorName(ServletRedirectorSecure); theRequest.setAuthentication( new FormAuthentication(admin, admin)); } public void testBasicAuthentication() { try { idsconfServlet servlet = new idsconfServlet();-- servlet.init(this.config);-- servlet.doGet(this.request,this.response);-- assertEquals(admin, request.getUserPrincipal().getName()); assertEquals(admin, request.getRemoteUser()); assertTrue(User not in 'admin' role, request.isUserInRole(admin)); } catch (ServletException e) { log.error(e); } catch (IOException e) { log.error(e); } } Debug LOG 15:25:40,563 [main] DEBUG util.UrlUtil- getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost %3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids. servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht tpCactus_Service=CALL_TEST]) 15:25:40,563 [main] DEBUG util.UrlUtil- getPath = [/ServletRedirectorSecure] 15:25:40,563 [main] DEBUG util.UrlUtil-