RE: FormAuthentication and Error Code 500

2004-11-22 Thread Setanta Mathews
Hi Kazuhito,

Unfortunately I haven't been able to spend any more time on this problem
since my last post. If I get some time over the next few days I'll find out
what exactly is going on and I'll let you guys know.

Thanks,

Setanta.




-Original Message-
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] 
Sent: 20 November 2004 07:56
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Hi Setanta,

Could you post server log?
We need more detail to understand what's going on.

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 13:25:02 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> The authentication must be working. Part of the test in question calls an
smathews> EJB that does the following check:
smathews> 
smathews> principal = sessionContext.getCallerPrincipal();
smathews> name = principal.getName();
smathews> System.out.println("User Id: " + name);
smathews> if (name.equals("anonymous") || name.equals("guest"))
smathews>   throw new PrincipalException("Principal must be authenticated");
smathews> 
smathews> Without the begin method in my test the principal name is "guest" and a
smathews> PrincipalException will be thrown. With the begin method the principal name
smathews> is "0" (so authentication must have happened) and no exception is thrown.

If the purpose of the authentication is to get a principal name,
and you think the FormAuthentication goes wrong,
you might try to use the BasicAuthentication for your unit-testing of EJBs.


smathews> I agree that setting the expected response code to 500 is dangerous 
smathews> but I can't spend too much more time trying to get my tests running.

I don't think that is a good idea.
It may take a long time to solve your problem with FormAuthentication,
but it cannot be a reason for bypassing the problem with such an unusual approach.

I suggest you use a simpler authentication for your tests.

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Re: FormAuthentication and Error Code 500

2004-11-19 Thread Kazuhito SUGURI
Hi Setanta,

Could you post server log?
We need more detail to understand what's going on.

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 13:25:02 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> The authentication must be working. Part of the test in question calls an
smathews> EJB that does the following check:
smathews> 
smathews> principal = sessionContext.getCallerPrincipal();
smathews> name = principal.getName();
smathews> System.out.println("User Id: " + name);
smathews> if (name.equals("anonymous") || name.equals("guest"))
smathews>   throw new PrincipalException("Principal must be authenticated");
smathews> 
smathews> Without the begin method in my test the principal name is "guest" and a
smathews> PrincipalException will be thrown. With the begin method the principal name
smathews> is "0" (so authentication must have happened) and no exception is thrown.

If the purpose of the authentication is to get a principal name,
and you think the FormAuthentication goes wrong,
you might try to use the BasicAuthentication for your unit-testing of EJBs.


smathews> I agree that setting the expected response code to 500 is dangerous 
smathews> but I can't spend too much more time trying to get my tests running.

I don't think that is a good idea.
It may take a long time to solve your problem with FormAuthentication,
but it cannot be a reason for bypassing the problem with such an unusual approach.

I suggest you use a simpler authentication for your tests.

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]




RE: FormAuthentication and Error Code 500

2004-11-18 Thread Setanta Mathews
Hi,

The username and password are fine. I know they might look a bit odd but
they're valid. The user login page of the webapp takes in an e-mail address
and a password. It then posts to a struts action that gets the user id,
based on the email address, encrypts the password and then forwards on to a
page that automatically submits a form called j_security_check with
j_username and j_password set appropriately.

The authentication must be working. Part of the test in question calls an
EJB that does the following check:

principal = sessionContext.getCallerPrincipal();
name = principal.getName();
System.out.println("User Id: " + name);
if (name.equals("anonymous") || name.equals("guest"))
  throw new PrincipalException("Principal must be authenticated");

Without the begin method in my test the principal name is "guest" and a
PrincipalException will be thrown. With the begin method the principal name
is "0" (so authentication must have happened) and no exception is thrown.

If I get the time I'll trace through what exactly is going on in the server
and post back to this list. I agree that setting the expected response code
to 500 is dangerous but I can't spend too much more time trying to get my
tests running.

Thanks,

Setanta.



-Original Message-
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] 
Sent: 18 November 2004 12:18
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Hi Setanta,

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 11:56:27 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> I think the password is okay. If I change it to something else I get a 403
smathews> (forbidden) error response code:

Can you access a secured resource from your browser
as the user account you have coded in the beginA method?

First of all, we need to know an account (id and password)
which is available in the system.


smathews> Now, if I change my begin method to expect a response code of 500 ...
smathews> 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>   theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>   FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>   fa.setExpectedAuthResponse(500);
smathews>   theRequest.setAuthentication(fa);
smathews> }

I strongly suggest, don't try this approach.
# need some protection logic in setExpectedAuthResponse()?

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]




Re: FormAuthentication and Error Code 500

2004-11-18 Thread Kazuhito SUGURI
Hi Setanta,

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 11:56:27 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> I think the password is okay. If I change it to something else I get a 403
smathews> (forbidden) error response code:

Can you access a secured resource from your browser
as the user account you have coded in the beginA method?

First of all, we need to know an account (id and password)
which is available in the system.


smathews> Now, if I change my begin method to expect a response code of 500 ...
smathews> 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews>   theRequest.setRedirectorName("ServletRedirectorSecure");
smathews>   FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews>   fa.setExpectedAuthResponse(500);
smathews>   theRequest.setAuthentication(fa);
smathews> }

I strongly suggest, don't try this approach.
# need some protection logic in setExpectedAuthResponse()?

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]




RE: FormAuthentication and Error Code 500

2004-11-18 Thread Setanta Mathews
Hi,

Thanks for the reply.

I think the password is okay. If I change it to something else I get a 403
(forbidden) error response code:

java.lang.Exception: Received a status code [403] and was expecting a [302]

Now things get a little bit strange ... 

I think the HTTP sniffer I was using (HTTPLook) might have somehow been
interfering with HTTP traffic. After turning it off and running my test
again I got the following cactus error:

java.lang.Exception: Received a status code [500] and was expecting a [302]

And in my OC4J application.log you can see that the 500 Error was caused by
something I've seen in mailing list archives quite a bit:

javax.servlet.ServletException: Missing service name parameter
[Cactus_Service] in HTTP request. Received query string is [].

Now, if I change my begin method to expect a response code of 500 ...

public void beginA(WebRequest theRequest)
{
  theRequest.setRedirectorName("ServletRedirectorSecure");
  FormAuthentication fa = new FormAuthentication("0",
    "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
  fa.setExpectedAuthResponse(500);
  theRequest.setAuthentication(fa);
}


... guess what? The test runs fine. I'm still getting the application error
but I'm guessing that's because something in the web-app (I've only just
started working on it and I'm not too familiar with it just yet) tries to
process the original request to the ServletRedirectorSecure and there was no
Cactus_Service request parameter.

Out of curiosity I set the redirector name to the following in my begin
method:

theRequest.setRedirectorName("ServletRedirectorSecure?Cactus_Service=GET_VERSION");

But I still get the 500 error.

Anyway, if a call to setExpectedAuthResponse(500) gets my tests running then
I'm happy for the time being.

Thanks,

Setanta.


-Original Message-
From: Kazuhito SUGURI [mailto:[EMAIL PROTECTED] 
Sent: 18 November 2004 11:22
To: [EMAIL PROTECTED]
Subject: Re: FormAuthentication and Error Code 500

Hi Setanta,

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 11:03:53 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews> theRequest.setRedirectorName("ServletRedirectorSecure");
smathews> FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews> theRequest.setAuthentication(fa);
smathews> }

Is the password "qUqP5cyxm6YcTAhz05Hph5gvu9M=" base-64 encoded?
Your system may store passwords in encrypted and base-64 encoded form,
however, you should give a password in plain text form to the system.
So, you should pass a plain password to the constructor, I guess.


smathews> The HTTP traffic is
smathews>  
smathews> 1 - Cactus Request
smathews>  
smathews> GET /ServletRedirectorSecure? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews>  
smathews> 2 - OC4J Response
smathews>  
smathews> HTTP/1.1 200 OK
smathews> Date: Thu, 18 Nov 2004 10:43:46 GMT
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Content-Location: http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
smathews> Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
smathews> Connection: Close
smathews> Content-Type: text/html;charset=ISO-8859-1
smathews> Cache-Control: no-cache
smathews> Transfer-Encoding: chunked
smathews>  
smathews> 3 - Cactus Request
smathews>  
smathews> POST /j_security_check? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews> Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
smathews> Content-Length: 54
smathews>  
smathews> j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
smathews>  
smathews> 4 - OC4J Response
smathews>  
smathews> HTTP/1.1 100 Continue
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Date: Thu, 18 Nov 2004 10:43:47 GMT

The last response means that the authentication is not completed.
I'm not sure why your container responds with status 100, however,
this may make your case, i.e. "unable to find line starting with HTTP".

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]




Re: FormAuthentication and Error Code 500

2004-11-18 Thread Kazuhito SUGURI
Hi Setanta,

In article <[EMAIL PROTECTED]>,
Thu, 18 Nov 2004 11:03:53 -,
Setanta Mathews <[EMAIL PROTECTED]> wrote: 
smathews> public void beginA(WebRequest theRequest)
smathews> {
smathews> theRequest.setRedirectorName("ServletRedirectorSecure");
smathews> FormAuthentication fa = new FormAuthentication("0",
smathews> "qUqP5cyxm6YcTAhz05Hph5gvu9M=");
smathews> theRequest.setAuthentication(fa);
smathews> }

Is the password "qUqP5cyxm6YcTAhz05Hph5gvu9M=" base-64 encoded?
Your system may store passwords in encrypted and base-64 encoded form,
however, you should give a password in plain text form to the system.
So, you should pass a plain password to the constructor, I guess.


smathews> The HTTP traffic is
smathews>  
smathews> 1 - Cactus Request
smathews>  
smathews> GET /ServletRedirectorSecure? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews>  
smathews> 2 - OC4J Response
smathews>  
smathews> HTTP/1.1 200 OK
smathews> Date: Thu, 18 Nov 2004 10:43:46 GMT
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Content-Location: http://localhost:8889/jsp/html/portlet/my_account/j_login.jsp
smathews> Set-Cookie: JSESSIONID=b3eabbf09d734b998c79d15602741b8c; Path=/
smathews> Connection: Close
smathews> Content-Type: text/html;charset=ISO-8859-1
smathews> Cache-Control: no-cache
smathews> Transfer-Encoding: chunked
smathews>  
smathews> 3 - Cactus Request
smathews>  
smathews> POST /j_security_check? HTTP/1.1
smathews> Content-type: application/x-www-form-urlencoded
smathews> User-Agent: Jakarta Commons-HttpClient/2.0rc1
smathews> Host: localhost:8889
smathews> Cookie: $Version=0; JSESSIONID=b3eabbf09d734b998c79d15602741b8c
smathews> Content-Length: 54
smathews>  
smathews> j_username=0&j_password=qUqP5cyxm6YcTAhz05Hph5gvu9M%3D
smathews>  
smathews> 4 - OC4J Response
smathews>  
smathews> HTTP/1.1 100 Continue
smathews> Server: Oracle9iAS (9.0.3.0.0) Containers for J2EE
smathews> Date: Thu, 18 Nov 2004 10:43:47 GMT

The last response means that the authentication is not completed.
I'm not sure why your container responds with status 100, however,
this may make your case, i.e. "unable to find line starting with HTTP".

Regards,

Kazuhito SUGURI
mailto:[EMAIL PROTECTED]
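
Added example, not part of the original thread and not Cactus code: a small Java sketch of how the response to the j_security_check POST can be read so that an interim "100 Continue" is skipped and a 500 is reported as a failure rather than accepted as the expected login result. The class, method and enum names are hypothetical, and the sample responses are constructed to resemble the ones quoted in the thread.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FormLoginOutcome {
    enum Outcome { EXPECTED_REDIRECT, REJECTED, SERVER_ERROR, INCOMPLETE }

    private static final Pattern STATUS_LINE =
        Pattern.compile("HTTP/\\d\\.\\d (\\d{3})[^\\r\\n]*\\r\\n");

    /** Final status code of a raw response stream, skipping interim 1xx blocks; -1 if none. */
    static int finalStatus(String raw) {
        Matcher m = STATUS_LINE.matcher(raw);
        int pos = 0;
        while (pos < raw.length() && m.region(pos, raw.length()).lookingAt()) {
            int code = Integer.parseInt(m.group(1));
            if (code >= 200) {
                return code;                        // a final response
            }
            int end = raw.indexOf("\r\n\r\n", pos); // a 1xx block is headers only, no body
            if (end < 0) {
                break;                              // interim block was cut short
            }
            pos = end + 4;                          // continue with the next response
        }
        return -1;
    }

    static Outcome classify(String raw) {
        int code = finalStatus(raw);
        if (code == -1)  return Outcome.INCOMPLETE;        // only "100 Continue" was seen
        if (code == 302) return Outcome.EXPECTED_REDIRECT; // the code the thread's errors say was expected
        if (code >= 500) return Outcome.SERVER_ERROR;      // a failure, never a pass condition
        return Outcome.REJECTED;                           // any other final status, e.g. 403
    }

    public static void main(String[] args) {
        // Constructed samples shaped like the responses quoted in the thread.
        String interimOnly = "HTTP/1.1 100 Continue\r\nServer: example\r\n\r\n";
        String[] samples = {
            interimOnly,
            interimOnly + "HTTP/1.1 302 Moved Temporarily\r\nLocation: /ServletRedirectorSecure\r\n\r\n",
            interimOnly + "HTTP/1.1 500 Internal Server Error\r\n\r\n",
            "HTTP/1.1 403 Forbidden\r\n\r\n",
        };
        for (String s : samples) {
            System.out.println(finalStatus(s) + " -> " + classify(s));
        }
    }
}
```

A 302 only shows that the container redirected; where it redirected to (the protected resource or a login error page) depends on the container and is worth checking separately.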
