RE: FormAuthentication and Error Code 500
Hi Kazuhito,

Unfortunately I haven't been able to spend any more time on this problem since my last post. If I get some time over the next few days I'll find out what exactly is going on and I'll let you guys know.

Thanks,
Setanta.

-----Original Message-----
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED]
Sent: 20 November 2004 07:56
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Re: FormAuthentication and Error Code 500
Hi Setanta,

Could you post the server log?
We need more detail to understand what's going on.

In article <[EMAIL PROTECTED]>, Thu, 18 Nov 2004 13:25:02 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote:
smathews> The authentication must be working. Part of the test in question calls an
smathews> EJB that does the following check:
smathews>
smathews> principal = sessionContext.getCallerPrincipal();
smathews> name = principal.getName();
smathews> System.out.println("User Id: " + name);
smathews> if (name.equals("anonymous") || name.equals("guest"))
smathews>     throw new PrincipalException("Principal must be authenticated");
smathews>
smathews> Without the begin method in my test the principal name is "guest" and a
smathews> PrincipalException will be thrown. With the begin method the principal name
smathews> is "0" (so authentication must have happened) and no exception is thrown.

If the purpose of the authentication is to get a principal name, and you think the FormAuthentication goes wrong, you might try to use the BasicAuthentication for your unit-testing of EJBs.

smathews> I agree that setting the expected response code to 500 is dangerous
smathews> but I can't spend too much more time trying to get my tests running.

I don't think that is a good idea. It may take a long time to solve your problem with FormAuthentication, but that cannot be a reason for bypassing the problem with such an unusual approach. I suggest you use a simpler authentication for your tests.

Regards,
Kazuhito SUGURI
mailto:[EMAIL PROTECTED]

RE: FormAuthentication and Error Code 500
Hi,

The username and password are fine. I know they might look a bit odd but they're valid. The user login page of the webapp takes in an e-mail address and a password. It then posts to a struts action that gets the user id, based on the email address, encrypts the password and then forwards on to a page that automatically submits a form called j_security_check with j_username and j_password set appropriately.

The authentication must be working. Part of the test in question calls an EJB that does the following check:

    principal = sessionContext.getCallerPrincipal();
    name = principal.getName();
    System.out.println("User Id: " + name);
    if (name.equals("anonymous") || name.equals("guest"))
        throw new PrincipalException("Principal must be authenticated");

Without the begin method in my test the principal name is "guest" and a PrincipalException will be thrown. With the begin method the principal name is "0" (so authentication must have happened) and no exception is thrown.

If I get the time I'll trace through what exactly is going on in the server and post back to this list.

I agree that setting the expected response code to 500 is dangerous but I can't spend too much more time trying to get my tests running.

Thanks,
Setanta.

-----Original Message-----
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED]
Sent: 18 November 2004 12:18
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Re: FormAuthentication and Error Code 500
Hi Setanta,

In article <[EMAIL PROTECTED]>, Thu, 18 Nov 2004 11:56:27 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote:
smathews> I think the password is okay. If I change it to something else I get a 403
smathews> (forbidden) error response code:

Can you access a secured resource from your browser as the user account you coded in the beginA method?
First of all, we need to know an account (id and password) which is available in the system.

smathews> Now, if I change my begin method to expect a response code of 500 ...
smathews>
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>     theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>     FormAuthentication fa = new FormAuthentication("0",
smathews>         "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>     fa.setExpectedAuthResponse(500);
smathews>     theRequest.setAuthentication(fa);
smathews> }

I strongly suggest you don't try this approach.
# need some protection logic in setExpectedAuthResponse()?

Regards,
Kazuhito SUGURI
mailto:[EMAIL PROTECTED]

RE: FormAuthentication and Error Code 500
Hi,

Thanks for the reply.

I think the password is okay. If I change it to something else I get a 403 (forbidden) error response code:

    java.lang.Exception: Received a status code [403] and was expecting a [302]

Now things get a little bit strange ... I think the HTTP sniffer I was using (HTTPLook) might have somehow been interfering with HTTP traffic. After turning it off and running my test again I got the following cactus error:

    java.lang.Exception: Received a status code [500] and was expecting a [302]

And in my OC4J application.log you can see that the 500 Error was caused by something I've seen in mailing list archives quite a bit:

    javax.servlet.ServletException: Missing service name parameter [Cactus_Service] in HTTP request. Received query string is [].

Now, if I change my begin method to expect a response code of 500 ...

    public void beginA(WebRequest theRequest)
    {
        theRequest.setRedirectorName("ServletRedirectorSecure");
        FormAuthentication fa = new FormAuthentication("0",
            "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
        fa.setExpectedAuthResponse(500);
        theRequest.setAuthentication(fa);
    }

... guess what? The test runs fine. I'm still getting the application error but I'm guessing that's because something in the web-app (I've only just started working on it and I'm not too familiar with it just yet) tries to process the original request to the ServletRedirectorSecure and there was no Cactus_Service request parameter.

Out of curiosity I set the redirector name to the following in my begin method:

    theRequest.setRedirectorName("ServletRedirectorSecure?Cactus_Service=GET_VERSION");

But I still get the 500 error.

Anyway, if a call to setExpectedAuthResponse(500) gets my tests running then I'm happy for the time being.

Thanks,
Setanta.

-----Original Message-----
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED]
Sent: 18 November 2004 11:22
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Re: FormAuthentication and Error Code 500
Hi Setanta,

In article <[EMAIL PROTECTED]>, Thu, 18 Nov 2004 11:03:53 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote:
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>     theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>     FormAuthentication fa = new FormAuthentication("0",
smathews>         "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>     theRequest.setAuthentication(fa);
smathews> }

Is the password "qUqP5cyxm6YcTAhz05Hph5gvu9M=" base-64 encoded?

Your system may store passwords in encrypted and base-64 encoded form; however, you should give the password to the system in plain-text form. So, you should pass a plain password to the constructor, I guess.

smathews> The HTTP traffic is
smathews>
smathews> 1 - Cactus Request
smathews>
smathews> GET /ServletRedirectorSecure? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews>
smathews> 2 - OC4J Response
smathews>
smathews> HTTP/1.1 200 OK
smathews> Date: Thu, 18 Nov 2004 10:43:46 GMT
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Content-Location:
smathews> http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
smathews> Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
smathews> Connection: Close
smathews> Content-Type: text/html;charset=ISO-8859-1
smathews> Cache-Control: no-cache
smathews> Transfer-Encoding: chunked
smathews>
smathews> 3 - Cactus Request
smathews>
smathews> POST /j_security_check? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews> Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
smathews> Content-Length: 54
smathews>
smathews> j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
smathews>
smathews> 4 - OC4J Response
smathews>
smathews> HTTP/1.1 100 Continue
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Date: Thu, 18 Nov 2004 10:43:47 GMT

The last response means that the authentication is not completed.
I'm not sure why your container responds with status 100; however, this may make your case, i.e. "unable to find line starting with HTTP".

Regards,
Kazuhito SUGURI
mailto:[EMAIL PROTECTED]
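
Added example, not part of the thread and not Cactus code: it sketches two points raised above in one place, the "protection logic in setExpectedAuthResponse()" question and the 100 Continue response that left the login unfinished. The class AuthResponseCheck and its methods are hypothetical, and accepting only 2xx/3xx as a login result is an assumption; the 302 default and the status codes are the ones quoted in the thread.

```java
import java.util.List;
// Added example, not Cactus code: class and method names are hypothetical.
public class AuthResponseCheck {
    private int expected = 302; // the status the thread's error messages expect

    // Guard for the expected login status: an error class never means "logged in".
    public void setExpectedAuthResponse(int status) {
        if (status < 200 || status >= 400) {
            throw new IllegalArgumentException("refusing " + status + " as an authentication success");
        }
        expected = status;
    }

    // Parse "HTTP/1.1 302 Found" into 302; reject anything that is not a status line.
    static int statusOf(String statusLine) {
        String[] parts = statusLine.trim().split(" ", 3);
        if (parts.length < 2 || !parts[0].startsWith("HTTP/")) {
            throw new IllegalArgumentException("not a status line: " + statusLine);
        }
        return Integer.parseInt(parts[1]);
    }

    // 1xx responses are interim: skip them and judge only the final status.
    public boolean authenticated(List<String> statusLines) {
        for (String line : statusLines) {
            int status = statusOf(line);
            if (status >= 100 && status < 200) {
                continue; // "100 Continue": the final response is still to come
            }
            return status == expected;
        }
        return false; // only interim responses seen, so the login never completed
    }

    public static void main(String[] args) {
        AuthResponseCheck check = new AuthResponseCheck();
        // Constructed status lines modelled on the exchange quoted in the thread.
        List<String> ok = List.of("HTTP/1.1 100 Continue", "HTTP/1.1 302 Found");
        List<String> stalled = List.of("HTTP/1.1 100 Continue");
        List<String> failed = List.of("HTTP/1.1 100 Continue", "HTTP/1.1 500 Internal Server Error");
        System.out.println(check.authenticated(ok) + " " + check.authenticated(stalled)
            + " " + check.authenticated(failed));
        try {
            check.setExpectedAuthResponse(500); // the workaround from the thread
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

With a guard like this, a test that authenticates only when the container answers 500 fails at setup instead of passing while the application error stays hidden.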