RE: FormAuthentication and Error Code 500

2004-11-22 Thread Setanta Mathews
Hi Kazuhito,

Unfortunately I haven't been able to spend any more time on this problem
since my last post. If I get some time over the next few days I'll find out
what exactly is going on and I'll let you guys know.

Thanks,

Setanta.







Re: FormAuthentication and Error Code 500

2004-11-19 Thread Kazuhito SUGURI
Hi Setanta,

Could you post server log?
We need more detail to understand what's going on.

In article [EMAIL PROTECTED],
Thu, 18 Nov 2004 13:25:02 -,
Setanta Mathews [EMAIL PROTECTED] wrote: 
smathews The authentication must be working. Part of the test in question calls an
smathews EJB that does the following check:
smathews 
smathews principal = sessionContext.getCallerPrincipal();
smathews name = principal.getName();
smathews System.out.println("User Id: " + name);
smathews if (name.equals("anonymous") || name.equals("guest"))
smathews   throw new PrincipalException("Principal must be authenticated");
smathews 
smathews Without the begin method in my test the principal name is guest and a
smathews PrincipalException will be thrown. With the begin method the principal name
smathews is 0 (so authentication must have happened) and no exception is thrown.

If the purpose of the authentication is to get a principal name,
and you think the FormAuthentication goes wrong,
you might try to use the BasicAuthentication for your unit-testing of EJBs.


smathews I agree that setting the expected response code to 500 is dangerous 
smathews but I can't spend too much more time trying to get my tests running.

I don't think that is a good idea.
It may take a long time to solve your problem with FormAuthentication,
but it cannot be a reason to bypass the problem with such an unusual approach.

I suggest you use a simpler authentication for your tests.

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]




FormAuthentication and Error Code 500

2004-11-18 Thread Setanta Mathews
Hi All,
 
I've just started using cactus and I am having a problem getting the
FormAuthentication working properly. I searched the web and mailing lists
already and couldn't find a solution.
 
My begin method for my test method A looks like:
 
public void beginA(WebRequest theRequest)
{
  theRequest.setRedirectorName("ServletRedirectorSecure");
  FormAuthentication fa = new FormAuthentication("0",
    "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
  theRequest.setAuthentication(fa);
}
 
I can confirm that the ServletRedirectorSecure is configured as a secure
resource in my web.xml.
 
The problem I'm having is that I'm getting the following exception on the
client side when I try to run the test with the Cactus ant task (this is
pulled from the XML log generated by the task):
 
org.apache.commons.httpclient.HttpRecoverableException: org.apache.commons.httpclient.HttpRecoverableException: Error in parsing the status  line from the response: unable to find line starting with "HTTP"
at org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase.java:1892)
 
 
The HTTP traffic is
 
1 - Cactus Request
 
GET /ServletRedirectorSecure? HTTP/1.1
Content-type: application/x-www-form-urlencoded
User-Agent: Jakarta Commons-HttpClient/2.0rc1
Host: localhost:8889
 
2 - OC4J Response
 
HTTP/1.1 200 OK
Date: Thu, 18 Nov 2004 10:43:46 GMT
Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
Content-Location: http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
Connection: Close
Content-Type: text/html;charset=ISO-8859-1
Cache-Control: no-cache
Transfer-Encoding: chunked
 
3 - Cactus Request
 
POST /j_security_check? HTTP/1.1
Content-type: application/x-www-form-urlencoded
User-Agent: Jakarta Commons-HttpClient/2.0rc1
Host: localhost:8889
Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
Content-Length: 54
 
j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
 
4 - OC4J Response
 
HTTP/1.1 100 Continue
Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
Date: Thu, 18 Nov 2004 10:43:47 GMT
 
 
The HTTP traffic would suggest that the authentication has been successful
but cactus doesn't get a response that it expects.
 
Any help would be greatly appreciated,
 
Thanks,
 
Setanta Mathews.
 
 
 
P.S. The full stack trace of the exception is:
 
org.apache.cactus.util.ChainedRuntimeException: Failed to authenticate the principal
at org.apache.cactus.client.authentication.FormAuthentication.authenticate_aroundBody10(FormAuthentication.java:383)
at org.apache.cactus.client.authentication.FormAuthentication.authenticate_aroundBody11$advice(FormAuthentication.java:117)
at org.apache.cactus.client.authentication.FormAuthentication.authenticate(FormAuthentication.java)
at org.apache.cactus.client.authentication.FormAuthentication.configure_aroundBody0(FormAuthentication.java:105)
at org.apache.cactus.client.authentication.FormAuthentication.configure_aroundBody1$advice(FormAuthentication.java:117)
at org.apache.cactus.client.authentication.FormAuthentication.configure(FormAuthentication.java)
at org.apache.cactus.internal.client.connector.http.HttpClientConnectionHelper.connect_aroundBody0(HttpClientConnectionHelper.java:103)
at org.apache.cactus.internal.client.connector.http.HttpClientConnectionHelper.connect_aroundBody1$advice(HttpClientConnectionHelper.java:188)
at org.apache.cactus.internal.client.connector.http.HttpClientConnectionHelper.connect(HttpClientConnectionHelper.java)
at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.callRunTest(DefaultHttpClient.java:162)
at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody0(DefaultHttpClient.java:80)
at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest_aroundBody1$advice(DefaultHttpClient.java:188)
at org.apache.cactus.internal.client.connector.http.DefaultHttpClient.doTest(DefaultHttpClient.java)
at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runWebTest(HttpProtocolHandler.java:159)
at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody0(HttpProtocolHandler.java:80)
at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest_aroundBody1$advice(HttpProtocolHandler.java:188)
at org.apache.cactus.internal.client.connector.http.HttpProtocolHandler.runTest(HttpProtocolHandler.java)
at org.apache.cactus.internal.client.ClientTestCaseCaller.runTest(ClientTestCaseCaller.java:144)
at org.apache.cactus.internal.AbstractCactusTestCase.runBareClient(AbstractCactusTestCase.java:215)
at org.apache.cactus.internal.AbstractCactusTestCase.runBare(AbstractCactusTest

Re: FormAuthentication and Error Code 500

2004-11-18 Thread Kazuhito SUGURI
Hi Setanta,

In article [EMAIL PROTECTED],
Thu, 18 Nov 2004 11:03:53 -,
Setanta Mathews [EMAIL PROTECTED] wrote: 
smathews public void beginA(WebRequest theRequest)
smathews {
smathews   theRequest.setRedirectorName("ServletRedirectorSecure");
smathews   FormAuthentication fa = new FormAuthentication("0",
smathews     "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews   theRequest.setAuthentication(fa);
smathews }

Is the password qUqP5cyxm6YcTAhz05Hph5gvu9M= base-64 encoded?
Your system may store passwords in encrypted and base-64 encoded form;
however, you should give the password to the system in plain-text form.
So, you should pass a plain password to the constructor, I guess.


smathews The HTTP traffic is
smathews  
smathews 1 - Cactus Request
smathews  
smathews GET /ServletRedirectorSecure? HTTP/1.1
smathews Content-type: application/x-www-form-urlencoded
smathews User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews Host: localhost:8889
smathews  
smathews 2 - OC4J Response
smathews  
smathews HTTP/1.1 200 OK
smathews Date: Thu, 18 Nov 2004 10:43:46 GMT
smathews Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews Content-Location: http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
smathews Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
smathews Connection: Close
smathews Content-Type: text/html;charset=ISO-8859-1
smathews Cache-Control: no-cache
smathews Transfer-Encoding: chunked
smathews  
smathews 3 - Cactus Request
smathews  
smathews POST /j_security_check? HTTP/1.1
smathews Content-type: application/x-www-form-urlencoded
smathews User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews Host: localhost:8889
smathews Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
smathews Content-Length: 54
smathews  
smathews j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
smathews  
smathews 4 - OC4J Response
smathews  
smathews HTTP/1.1 100 Continue
smathews Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews Date: Thu, 18 Nov 2004 10:43:47 GMT

The last response means that the authentication is not completed.
I'm not sure why your container responds with status 100; however,
this may cause your case, i.e. "unable to find line starting with HTTP".

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]
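
The status-line point made in this reply, as an added example that is not part of the original thread and is not Cactus or Commons HttpClient code: a reader that skips interim 1xx responses such as the 100 Continue in step 4 and reports the final status of the j_security_check POST. The class name, the NO_FINAL_RESPONSE constant and the second capture (with a 302 and its Location value) are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

public class FinalStatusReader {

    /** Returned when the stream ends before any non-1xx response arrives. */
    static final int NO_FINAL_RESPONSE = -1;

    /**
     * Reads responses from the stream until one with a final (non-1xx) status
     * is found. Interim responses carry headers only, so each one is consumed
     * up to its terminating blank line before the next status line is read.
     */
    static int readFinalStatus(BufferedReader in) throws IOException {
        while (true) {
            String statusLine = in.readLine();
            if (statusLine == null) {
                return NO_FINAL_RESPONSE; // closed after interim response(s) only
            }
            String[] parts = statusLine.split(" ", 3);
            if (parts.length < 2 || !parts[0].startsWith("HTTP/")) {
                throw new IOException("Not an HTTP status line: " + statusLine);
            }
            int code = Integer.parseInt(parts[1]);
            String header;
            while ((header = in.readLine()) != null && !header.isEmpty()) {
                // skip the header block of this response
            }
            if (code < 100 || code > 199) {
                return code; // final status: this is what the login check must judge
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Response 4 from the thread: the capture ends after the interim response.
        String onlyContinue =
            "HTTP/1.1 100 Continue\r\n"
            + "Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE\r\n"
            + "Date: Thu, 18 Nov 2004 10:43:47 GMT\r\n\r\n";
        // Constructed: the same interim response followed by the 302 Cactus expects.
        String continueThenRedirect = onlyContinue
            + "HTTP/1.1 302 Moved Temporarily\r\n"
            + "Location: http://localhost:8889/ServletRedirectorSecure\r\n\r\n";

        System.out.println(readFinalStatus(
            new BufferedReader(new StringReader(onlyContinue))));
        System.out.println(readFinalStatus(
            new BufferedReader(new StringReader(continueThenRedirect))));
    }
}
```

For the capture posted in the thread the reader returns NO_FINAL_RESPONSE, so the login outcome is unknown rather than successful; only the constructed second capture yields a status that can be compared with the expected 302.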




RE: FormAuthentication and Error Code 500

2004-11-18 Thread Setanta Mathews
Hi,

Thanks for the reply.

I think the password is okay. If I change it to something else I get a 403
(forbidden) error response code:

java.lang.Exception: Received a status code [403] and was expecting a [302]

Now things get a little bit strange ... 

I think the HTTP sniffer I was using (HTTPLook) might have somehow been
interfering with HTTP traffic. After turning it off and running my test
again I got the following cactus error:

java.lang.Exception: Received a status code [500] and was expecting a [302]

And in my OC4J application.log you can see that the 500 Error was caused by
something I've seen in mailing list archives quite a bit:

javax.servlet.ServletException: Missing service name parameter [Cactus_Service] in HTTP request. Received query string is [].

Now, if I change my begin method to expect a response code of 500 ...

public void beginA(WebRequest theRequest)
{
  theRequest.setRedirectorName("ServletRedirectorSecure");
  FormAuthentication fa = new FormAuthentication("0",
    "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
  fa.setExpectedAuthResponse(500);
  theRequest.setAuthentication(fa);
}


... guess what? The test runs fine. I'm still getting the application error
but I'm guessing that's because something in the web-app (I've only just
started working on it and I'm not too familiar with it just yet) tries to
process the original request to the ServletRedirectorSecure and there was no
Cactus_Service request parameter.

Out of curiosity I set the redirector name to the following in my begin
method:

theRequest.setRedirectorName("ServletRedirectorSecure?Cactus_Service=GET_VERSION");

But I still get the 500 error.

Anyway, if a call to setExpectedAuthResponse(500) gets my tests running then
I'm happy for the time being.

Thanks,

Setanta.





Re: FormAuthentication and Error Code 500

2004-11-18 Thread Kazuhito SUGURI
Hi Setanta,

In article [EMAIL PROTECTED],
Thu, 18 Nov 2004 11:56:27 -,
Setanta Mathews [EMAIL PROTECTED] wrote: 
smathews I think the password is okay. If I change it to something else I get a 403
smathews (forbidden) error response code:

Can you access a secured resource from your browser
as the user account you have coded in the beginA method?

First of all, we need to know an account (id and password)
which is available in the system.


smathews Now, if I change my begin method to expect a response code of 500 ...
smathews 
smathews public void beginA(WebRequest theRequest)
smathews {
smathews   theRequest.setRedirectorName("ServletRedirectorSecure");
smathews   FormAuthentication fa = new FormAuthentication("0",
smathews     "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews   fa.setExpectedAuthResponse(500);
smathews   theRequest.setAuthentication(fa);
smathews }

I strongly suggest you don't try this approach.
# need some protection logic in setExpectedAuthResponse()?

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]
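
One possible shape for the protection logic asked about in this reply, as an added example that is not Cactus code and not from the original thread: a guard that refuses error-class status codes as the expected authentication response, shown next to the plain equality check implied by the thread's error messages. The class and method names are hypothetical, and the accepted range (2xx and 3xx) is an assumption of this example.

```java
public class ExpectedAuthResponseGuard {

    /**
     * Hypothetical guard (not Cactus code): a login can only be confirmed by a
     * success or redirect status, so client and server error codes are refused
     * when the expectation is configured, before any test runs.
     */
    static int checkExpected(int expected) {
        if (expected < 200 || expected > 399) {
            throw new IllegalArgumentException("expected auth response " + expected
                + " cannot indicate a completed login");
        }
        return expected;
    }

    /** Equality check implied by "Received a status code [x] and was expecting a [y]". */
    static boolean accepted(int expected, int actual) {
        return expected == actual;
    }

    /** Outcome when the expectation is passed through the guard first. */
    static String guardedOutcome(int expected, int actual) {
        try {
            return accepted(checkExpected(expected), actual) ? "accepted" : "rejected";
        } catch (IllegalArgumentException e) {
            return "refused: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        int[] actuals = {302, 403, 500};   // status codes reported in the thread
        for (int expected : new int[] {302, 500}) {
            for (int actual : actuals) {
                System.out.printf("expected=%d actual=%d unguarded=%s guarded=%s%n",
                    expected, actual,
                    accepted(expected, actual) ? "accepted" : "rejected",
                    guardedOutcome(expected, actual));
            }
        }
    }
}
```

With expected=500 the unguarded check accepts any server error raised during login, whatever its cause, while the guarded version refuses the configuration outright.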




RE: FormAuthentication and Error Code 500

2004-11-18 Thread Setanta Mathews
Hi,

The username and password are fine. I know they might look a bit odd but
they're valid. The user login page of the webapp takes in an e-mail address
and a password. It then posts to a struts action that gets the user id,
based on the email address, encrypts the password and then forwards on to a
page that automatically submits a form called j_security_check with
j_username and j_password set appropriately.

The authentication must be working. Part of the test in question calls an
EJB that does the following check:

principal = sessionContext.getCallerPrincipal();
name = principal.getName();
System.out.println("User Id: " + name);
if (name.equals("anonymous") || name.equals("guest"))
  throw new PrincipalException("Principal must be authenticated");

Without the begin method in my test the principal name is guest and a
PrincipalException will be thrown. With the begin method the principal name
is 0 (so authentication must have happened) and no exception is thrown.

If I get the time I'll trace through what exactly is going on in the server
and post back to this list. I agree that setting the expected response code
to 500 is dangerous but I can't spend too much more time trying to get my
tests running.

Thanks,

Setanta.


