RE: FormAuthentication

2002-10-28 Thread Dhar, Pranab
Guys ,
   I got past the 404 error. It was a mistake on my part
by not mapping /ServletRedirectSecure to the ServletRedirectorSecure alias
of the ServletRedirector servlet.
   Thanks again for your help and understanding.

Pranab

-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Sunday, October 27, 2002 10:39 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


Hi Jason/Vincent,
   I checked out the code changes and as expected the first call
gets the JSESSIONID from the server to proceed with calling the servlet
set by WebRequest.setURL(). The GET_RESULTS query now uses the same
redirector.
   I am having a little glitch with the test as I am getting a 404 return
code for a valid servlet.

...

RE: FormAuthentication

2002-10-25 Thread Dhar, Pranab
<container-name>Unsecure Stateless SessionBean</container-name>
<security-domain/>
</container-configuration>
</container-configurations>
</jboss>
--

# A sample users.properties file for use with the UsersRolesLoginModule
# user=password
admin=admin
pkdhar=pkdhar
bob=bob
--
# A sample roles.properties file for use with the UsersRolesLoginModule
# user=role1,role2...
admin=idsconf_admin,idsconf_user
pkdhar=idsconf_user
bob=idsconf_user

-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 11:21 AM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


Buried in the stack trace is "Failed to authenticate the principal". If you
try to log into the website normally using admin/admin does it work?

What server are you using? We have test cases that work with Tomcat and
WebLogic.

Jason

-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 10:10 AM
To: '[EMAIL PROTECTED]'
Subject: FormAuthentication


Hi,
   I am in a situation where I have EJBs and servlets created with security
roles defined. I need to test the servlets and EJBs doing the authentication
in the process. I am using FormAuthentication for the secured
jsp/servlets/struts forms and actions.
  I installed cactus 1.4.1 and found out that it doesn't implement form
authentication so I am now using the nightly build 20021022 after checking
the mailing list that some gentlemen have been adding this new feature.
  My testcase is as follows:-
    public void beginBasicAuthentication(WebRequest theRequest) {
        theRequest.setURL("localhost:8080", "/", "/secure/idsconf", null, null);
        theRequest.addCookie("test", "test");
        theRequest.setRedirectorName("ServletRedirectorSecure");
        theRequest.setAuthentication(new FormAuthentication("admin", "admin"));
    }

    public void testBasicAuthentication() {
        assertEquals("admin", request.getUserPrincipal().getName());
        assertEquals("admin", request.getRemoteUser());
        assertTrue("User not in 'admin' role", request.isUserInRole("admin"));
    }
I am getting this error when I run the test in Log4J DEBUG mode

-
18:00:12,899 [main] DEBUG ent.HttpClientConnectionHelper  -
getCookieString([simulation URL = [null], automatic session = [true],
cookies = [], headers = [], GET parameters = [], POST parameters = []],
[http://localhost:8080/ServletRedirector]) 
18:00:12,899 [main] DEBUG ent.HttpClientConnectionHelper  - getCookieString
= [null] 
18:00:13,891 [main] DEBUG ent.HttpClientConnectionHelper  - connect =
[org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir
ector] 
18:00:13,901 [main] DEBUG util.HttpURLConnection  -
getHeaderFieldKey([1]) 
18:00:13,901 [main] DEBUG util.HttpURLConnection  -
getHeaderFieldKey = [Connection] 
18:00:13,901 [main] DEBUG util.HttpURLConnection  -
getHeaderFieldKey([2]) 
18:00:13,901 [main] DEBUG util.HttpURLConnection  -
getHeaderFieldKey = [null] 
18:00:13,901 [main] DEBUG hentication.FormAuthentication  - Using security
check URL [http://localhost:8080/j_security_check] 
18:00:13,901 [main] DEBUG client.ConnectionHelperFactory  -
getConnectionHelper([http://localhost:8080/j_security_check],
[org.apache.cactus.util.ServletConfiguration@1dff3a2]) 
18:00:13,901 [main] DEBUG client.ConnectionHelperFactory  -
getConnectionHelper =
[org.apache.cactus.client.HttpClientConnectionHelper@1d9fd51] 
18:00:13,901 [main] DEBUG cactus.WebRequest   -
addCookie([null], [null]) 
18:00:13,901 [main] DEBUG cactus.WebRequest   -
addCookie([localhost], [null], [null]) 
18:00:13,901 [main] DEBUG servlet.TestLoginServlet- Exception in
test 
18:00:13,901 [main] DEBUG util.ChainedRuntimeException-
printStackTrace([org.apache.log4j.spi.VectorWriter@121f1d]) 
18:00:13,971 [main] DEBUG util.ChainedRuntimeException- printStackTrace

org.apache.cactus.util.ChainedRuntimeException: Failed to authenticate the
principal
at
org.apache.cactus.client.authentication.FormAuthentication.authenticate(Form
Authentication.java;org/apache/cactus/util/log/LogAspect.aj(1k):288)
at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13(FormAuthentication.java;org/apache/cactus/util/log/LogAspect.aj(1k)
:147)
at
org.apache.cactus.client.authentication.FormAuthentication.configure$ajcPost
Around13$ajcVoidWrapper(FormAuthentication.java;org/apache/cactus/util/log/L
ogAspect.aj(1k))
at
org.apache.cactus.client.authentication.FormAuthentication.configure(FormAut
hentication.java;org/apache/cactus/util/log

RE: FormAuthentication

2002-10-25 Thread Dhar, Pranab
Jason,
  I think the resource string should be the URL (
http://localhost:8080/ServletRedirectorSecure )
   String resource =
       theRequest.getConfiguration().getContextURL() + "/" + theRequest.getRedirectorURL();

Pranab

-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 1:47 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


I think you've found a problem! 

I was unaware that you could change the redirector name in the WebRequest so
I didn't deal with that scenario. If you can, change the authenticate
function to be this (add the WebRequest argument, and then use it to get the
redirector name):

public void authenticate(WebRequest theRequest)
{
//Note: This method needs refactoring. It is too complex.

try
{
// Create a helper that will connect to a restricted resource.
String resource = theRequest.getRedirectorName();
...

and pass theRequest to the authenticate function in configuration method:

if (this.sessionId == null)
{
   authenticate(theRequest);
}

and give it a try.

If that fixes things I'll work up a proper patch and submit it.

Good catch!

Jason

-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 1:32 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


Jason,
  The servlet mapping in WEB-INF/web.xml is
  <!-- Cactus Servlet Redirectors -->
  <servlet>
    <servlet-name>ServletRedirector</servlet-name>
    <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>ServletRedirectorSecure</servlet-name>
    <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
  </servlet>
two aliases for the same Redirector servlet and the security constraint is
on the ServletRedirectorSecure alias.
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurityRestriction</web-resource-name>
      <description>Protect the Cactus redirector servlet.</description>
      <url-pattern>/ServletRedirectorSecure</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Authorized Users Group</description>
      <role-name>idsconf_admin</role-name>
      <role-name>idsconf_user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
cactus.properties contains :-
cactus.contextURL = http://localhost:8080   only

and the testcase sets the redirector by calling :-
theRequest.setRedirectorName("ServletRedirectorSecure");


As long as I set the redirector in the test case it will override the
default redirector.
Then the question is why the default redirector is being used after the
override.
[org.apache.cactus.util.HttpURLConnection:http://localhost:8080/ServletRedir
ector] 

I think I found the problem in the Cactus code.
 I am setting the redirector in the class WebRequest.redirectorName whereas the
FormAuthentication is getting the redirector name from the WebConfiguration
interface implemented by the ServletConfiguration class which reads the
redirector name from cactus.properties and uses the default ServletRedirector
if not specified.
  The WebRequest wrapper should rather modify the stored configuration
object to the new Redirector or the Servlet Configuration should check the
request object to get the modified redirector.
    /**
     * @param theConfiguration the Cactus configuration
     */
    public WebRequest(WebConfiguration theConfiguration)
    {
        this.configuration = theConfiguration;
    }

    /**
     * Override the redirector Name defined in
     * <code>cactus.properties</code>.
     * This is useful to define a per test case Name (for example, if some
     * test case need to have authentication turned on and not other tests,
     * etc).
     *
     * @param theRedirectorName the new redirector Name to use
     */
    public void setRedirectorName(String theRedirectorName)
    {
        this.redirectorName = theRedirectorName;
    }

Tell me what you think.

Pranab

-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 12:44 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


One thing I notice is that cactus connects to
http://localhost:8080/ServletRedirector but you have the Tomcat config url
pattern as /ServletRedirectorSecure. Try removing the Secure from the end.
Make the ServletRedirector servlet a secure resource. (Alternatively, you
could add Secure to your cactus.properties file, but I'd say it would be
better to remove it.)

Let me know if that changes anything.

Jason
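
Added example (not part of the original thread or of the Cactus project): the web.xml quoted above declares two aliases of the redirector servlet and constrains only /ServletRedirectorSecure, and the 404 in this thread was traced to a missing mapping for that alias. The Python check below audits a descriptor for those conditions; the sample descriptor, including its servlet-mapping element, is constructed, and the names audit_web_xml and _covers are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the descriptor quoted in the thread: two
# aliases of one redirector class, a constraint on the secure alias only and,
# as an assumption for this demo, a mapping for the default alias only.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>ServletRedirector</servlet-name>
    <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
  </servlet>
  <servlet>
    <servlet-name>ServletRedirectorSecure</servlet-name>
    <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>ServletRedirector</servlet-name>
    <url-pattern>/ServletRedirector</url-pattern>
  </servlet-mapping>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SecurityRestriction</web-resource-name>
      <url-pattern>/ServletRedirectorSecure</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>idsconf_admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _covers(constraint, pattern):
    # Exact match, or a "/prefix/*" constraint covering a pattern under it.
    if constraint.endswith("/*"):
        return pattern == constraint[:-2] or pattern.startswith(constraint[:-1])
    return constraint == pattern


def audit_web_xml(xml_text):
    """Report servlets with no mapping, constrained patterns that no mapping
    serves, and mapped patterns that no security-constraint covers."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop an XML namespace prefix if one is present
        el.tag = el.tag.rsplit("}", 1)[-1]
    servlets = [s.findtext("servlet-name", "").strip() for s in root.iter("servlet")]
    mapped = {m.findtext("url-pattern", "").strip(): m.findtext("servlet-name", "").strip()
              for m in root.iter("servlet-mapping")}
    constrained = [(p.text or "").strip() for c in root.iter("security-constraint")
                   for p in c.iter("url-pattern")]
    return {
        "unmapped_servlets": sorted(set(servlets) - set(mapped.values())),
        "constraints_without_mapping": sorted(
            c for c in constrained if not any(_covers(c, p) for p in mapped)),
        "unprotected_mappings": sorted(
            p for p in mapped if not any(_covers(c, p) for c in constrained)),
    }
```

A constrained pattern that protects only static or JSP content will also appear under constraints_without_mapping, so treat that list as items to review rather than as errors.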

RE: FormAuthentication

2002-10-25 Thread Dhar, Pranab
Jason,
 Sorry for the typo error in my last post. It should be
 getConfiguration().getContextURL()+"/"+theRequest.getRedirectorName();

I just compiled the code and tested it. I am getting past the authentication
now but getting stuck somewhere after that. Somewhere down the line the
ServletRedirectorSecure is getting switched back to ServletRedirector even
though I am setting the URL to a secured resource. I am getting an Error 404
instead of the regular output from the servlet.

Pranab

I added the following in the test code
    public void beginBasicAuthentication(WebRequest theRequest) {
        theRequest.setURL("localhost:8080", "/", "/secure/idsconf", null, null); // <--
        theRequest.addCookie("test", "test");
        theRequest.setRedirectorName("ServletRedirectorSecure");
        theRequest.setAuthentication(new FormAuthentication("admin", "admin"));
    }

    public void testBasicAuthentication() {
        try {
            idsconfServlet servlet = new idsconfServlet(); // <--
            servlet.init(this.config); // <--
            servlet.doGet(this.request, this.response); // <--
            assertEquals("admin", request.getUserPrincipal().getName());
            assertEquals("admin", request.getRemoteUser());
            assertTrue("User not in 'admin' role", request.isUserInRole("admin"));
        } catch (ServletException e) {
            log.error(e);
        } catch (IOException e) {
            log.error(e);
        }
    }


Debug LOG

15:25:40,563 [main] DEBUG util.UrlUtil-
getPath([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=te
stBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost
%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.
servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=ht
tpCactus_Service=CALL_TEST]) 
15:25:40,563 [main] DEBUG util.UrlUtil- getPath =
[/ServletRedirectorSecure] 
15:25:40,563 [main] DEBUG util.UrlUtil-
getQuery([http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=t
estBasicAuthenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhos
t%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids
.servlet.TestLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=h
ttpCactus_Service=CALL_TEST]) 
15:25:40,563 [main] DEBUG util.UrlUtil- getQuery =
[Cactus_TestMethod=testBasicAuthenticationCactus_URL_ContextPath=%2FCactus
_URL_Server=localhost%3A8080Cactus_URL_ServletPath=%2Fsecure%2FidsconfCact
us_TestClass=com.ids.servlet.TestLoginServletCactus_AutomaticSession=trueC
actus_URL_Protocol=httpCactus_Service=CALL_TEST] 
15:25:40,563 [main] DEBUG ent.HttpClientConnectionHelper  -
getCookieString([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
= [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67],
domain = [localhost], path = [null], isSecure = [false], comment = [null],
expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod]
= [[testBasicAuthentication]]][[Cactus_URL_ContextPath] =
[[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =
[[/secure/idsconf]]][[Cactus_TestClass] =
[[com.ids.servlet.TestLoginServlet]]][[Cactus_AutomaticSession] =
[[true]]][[Cactus_URL_Protocol] = [[http]]][[Cactus_Service] =
[[CALL_TEST, POST parameters = []],
[http://localhost:8080/ServletRedirectorSecure?Cactus_TestMethod=testBasicAu
thenticationCactus_URL_ContextPath=%2FCactus_URL_Server=localhost%3A8080C
actus_URL_ServletPath=%2Fsecure%2FidsconfCactus_TestClass=com.ids.servlet.T
estLoginServletCactus_AutomaticSession=trueCactus_URL_Protocol=httpCactus
_Service=CALL_TEST]) 
15:25:40,563 [main] DEBUG cactus.Cookie   -
getCookiePath([simulation URL = [protocol = [http], host name =
[localhost], port = [8080], context path = [/], servlet path =
[/secure/idsconf], path info = [null], query string = [null]], automatic
session = [true], cookies = [[name = [test], value = [test], domain =
[localhost], path = [null], isSecure = [false], comment = [null], expiryDate
= [null]][name = [JSESSIONID], value = [B9D9DDE0DD962B211E36D92FBE854D67],
domain = [localhost], path = [null], isSecure = [false], comment = [null],
expiryDate = [null]]], headers = [], GET parameters = [[[Cactus_TestMethod]
= [[testBasicAuthentication]]][[Cactus_URL_ContextPath] =
[[/]]][[Cactus_URL_Server] = [[localhost:8080]]][[Cactus_URL_ServletPath] =

RE: FormAuthentication

2002-10-25 Thread Dhar, Pranab
Jason,
   I found the Redirector change happening at function
(AbstractHttpClient.java)
    private WebTestResult callGetResult(
        AbstractAuthentication theAuthentication) throws Throwable
    {
        WebRequest resultsRequest = new WebRequest(this.configuration); // <--- here

        // Add authentication details
        if (theAuthentication != null)
        {
            resultsRequest.setAuthentication(theAuthentication);
        }

        // Open the second connection to get the test results
        ConnectionHelper helper = ConnectionHelperFactory.getConnectionHelper(
            getRedirectorURL(resultsRequest), this.configuration);

The ServletConfiguration does not contain the redirector set in the WebRequest
object; instead it loads its default redirector from cactus.properties.
   this.configuration is coming from the new Configuration being initialized in
the ServletTestCase class
    /**
     * see AbstractTestCase#createConfiguration()
     */
    protected Configuration createConfiguration()
    {
        return new ServletConfiguration();
    }
When the user sets the redirector in WebRequest that never gets updated in
the configuration.
So when getRedirectorURL() gets called in AbstractHttpClient.java which is
actually implemented in ServletHttpClient.java as
    protected String getRedirectorURL(WebRequest theRequest)
    {
        String url;

        // Check if user has overridden the servlet redirector
        if (theRequest.getRedirectorName() != null)
        {
            url = this.configuration.getContextURL() + "/"
                + theRequest.getRedirectorName();
        }
        else
        {
            url = this.configuration.getRedirectorURL();
        }

        return url;
    }

The theRequest parameter being a newly initialized WebRequest object does not
have the redirector set from the old request object used for Form
Authentication.
Hence the callResult function never goes to the Secured Servlet Redirector
used earlier to run the test.
I am not too sure if the unsecured redirector will be able to return the
results.
Maybe the Cactus gurus will know the answer to this design.

Pranab




-Original Message-
From: Robertson, Jason [mailto:Jason.Robertson;acs-inc.com]
Sent: Friday, October 25, 2002 6:20 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


Yes, you're correct with the need to get the context URL as well.

As for the rest of it, I'm not sure. I'll try looking at the log again, but
there's a lot of information there!

Jason

-Original Message-
From: Dhar, Pranab [mailto:Pranab.Dhar;DFA.STATE.NY.US]
Sent: Friday, October 25, 2002 3:43 PM
To: 'Cactus Users List'
Subject: RE: FormAuthentication


Jason,
 Sorry for the typo error in my last post. It should be
 getConfiguration().getContextURL()+"/"+theRequest.getRedirectorName();

I just compiled the code and tested it. I am getting past the authentication
now but getting stuck somewhere after that. Somewhere down the line the
ServletRedirectorSecure is getting switched back to ServletRedirector even
though I am setting the URL to a secured resource. I am getting an Error 404
instead of the regular output from the servlet.

Pranab

I added the following in the test code
    public void beginBasicAuthentication(WebRequest theRequest) {
        theRequest.setURL("localhost:8080", "/", "/secure/idsconf", null, null); // <--
        theRequest.addCookie("test", "test");
        theRequest.setRedirectorName("ServletRedirectorSecure");
        theRequest.setAuthentication(new FormAuthentication("admin", "admin"));
    }

    public void testBasicAuthentication() {
        try {
            idsconfServlet servlet = new idsconfServlet(); // <--
            servlet.init(this.config); // <--
            servlet.doGet(this.request, this.response); // <--
            assertEquals("admin", request.getUserPrincipal().getName());
            assertEquals("admin", request.getRemoteUser());
            assertTrue("User not in 'admin' role", request.isUserInRole("admin"));
        } catch (ServletException e) {
            log.error(e);
        } catch (IOException e) {
            log.error(e);
        }
    }

