JNDI Realm not returning LDAP error codes/exceptions

2008-04-24 Thread Gundersen, Richard
Hi

Can anyone help me with the problem below please? I just need a way of
getting some kind of error message back to the user to say WHY they
couldn't be logged on. 

The current realm implementations only seem to pass either a
SUCCESS/FAIL back. But there could be lots of reasons why login failed
e.g. server is down, account is locked etc.

I have tried writing my own realm that throws a custom RuntimeException
(containing an error message) but the container ultimately swallows this
so my webapp can't get hold of it.

I also tried returning my own custom Principal object which contains an
error message (e.g. This principal is invalid for the following reason:
account is locked) but of course the session is invalidated so my
webapp can't get hold of that either.

The Servlet Spec hints that the details of the login failure SHOULD be
available, but I can't find any way of doing it. 

ANY help would be really appreciated.

Richard Gundersen
Java Developer

-----Original Message-----
From: Gundersen, Richard 
Sent: Wednesday, April 23, 2008 4:16 PM
To: 'users@tomcat.apache.org'
Subject: JNDI Realm not returning LDAP error codes/exceptions

Hi

I'm using the standard JNDIRealm class to authenticate users. However, if
the login is unsuccessful, I am unable to report the *reason* for the
failure.

The code for JNDIRealm.java tries to return a valid Principal object. 

If logging on fails - which could be for several reasons e.g. bad
password, account expired, password needs changing etc - then the
exception is caught, logged, and then forgotten. The authenticate method
just returns a null Principal object. 

So, by the time the request gets to the 'error' JSP, all I can report to
the user is that there was some kind of problem - not what the problem
was.

I was thinking of writing my own Realm class which did the same, but
threw the exception if one occurred. Unfortunately this would break the
contract with the RealmBase class I think (abstract methods).

From reading the Servlet spec, it suggests that the failure information
*should* be available:

The error page sent to a user that is not authenticated
contains information about the failure.

Does anyone have any advice / solved this problem before? Appreciate any
feedback

Thanks

Richard Gundersen

As a responsible corporate citizen, London Scottish Bank plc asks you to 
consider the environment before printing this email.

*** Disclaimer *** 

This electronic communication is confidential and for the exclusive use of the 
addressee. It may contain private and confidential information. The 
information, attachments and opinions contained in this E-mail are those of its 
author only and do not necessarily represent those of London Scottish Bank PLC 
or any other members of the London Scottish Group. 

If you are not the intended addressee, you are prohibited from any disclosure, 
distribution or further copying or use of this communication or the information 
in it or taking any action in reliance on it. If you have received this 
communication in error please notify the Information Security Manager at [EMAIL 
PROTECTED] as soon as possible and delete the message from all places in your 
computer where it is stored. 

We utilise virus scanning software but we cannot guarantee the security of 
electronic communications and you are advised to check any attachments for 
viruses. We do not accept liability for any loss resulting from any corruption 
or alteration of data or importation of any virus as a result of receiving this 
electronic communication. 

Replies to this E-mail may be monitored for operational or business reasons. 
London Scottish Bank PLC is regulated by the Financial Services Authority.


London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 3NW 
Registered Number 973008 England.

Subsidiary Companies:-

London Scottish Finance Limited, Registered Office: 201 Deansgate, Manchester 
M3 3NW Registered Number 233259 England.

London Scottish Broking Limited, Registered Office: 201 Deansgate, Manchester 
M3 3NW Registered Number 230110 England.

London Scottish Invoice Finance Limited, Registered Office: 201 Deansgate, 
Manchester M3 3NW Registered Number 2643766 England.

Robinson Way  Company Limited, Registered Office: 201 Deansgate, Manchester M3 
3NW Registered Number 885896 England.

__
This email has been scanned by the MessageLabs Email Security System.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: JNDI Realm not returning LDAP error codes/exceptions

2008-04-24 Thread Gundersen, Richard
Hi Chris

Urgh, humble apologies. Nope, I somehow managed to delete it. Retrieved it 
though, and now I see your suggestion to use securityfilter, which sounds 
perfect for what I need. 

I'll try it out first thing tomorrow when I get into the office. 

Sorry if it looks like I dismissed your email - I really didn't (on purpose) 
and very much appreciate your advice :)

BTW do you have an opinion on JOSSO? Was playing around with that today and it 
seems to integrate with Tomcat very nicely. 

Thanks again.

-Richard


-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thu 24/04/2008 17:04
To: Tomcat Users List
Subject: Re: JNDI Realm not returning LDAP error codes/exceptions
 

Richard,

Gundersen, Richard wrote:
| Can anyone help me with the problem below please?

Did you bother to read my response?

-chris



JNDI Realm not returning LDAP error codes/exceptions

2008-04-23 Thread Gundersen, Richard
Hi

I'm using the standard JNDIRealm class to authenticate users. However, if
the login is unsuccessful, I am unable to report the *reason* for the
failure.

The code for JNDIRealm.java tries to return a valid Principal object. 

If logging on fails - which could be for several reasons e.g. bad
password, account expired, password needs changing etc - then the
exception is caught, logged, and then forgotten. The authenticate method
just returns a null Principal object. 

So, by the time the request gets to the 'error' JSP, all I can report to
the user is that there was some kind of problem - not what the problem
was.

I was thinking of writing my own Realm class which did the same, but
threw the exception if one occurred. Unfortunately this would break the
contract with the RealmBase class I think (abstract methods).

From reading the Servlet spec, it suggests that the failure information
*should* be available:

The error page sent to a user that is not authenticated
contains information about the failure.

Does anyone have any advice / solved this problem before? Appreciate any
feedback

Thanks

Richard Gundersen
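
Editor's added example (not part of the original thread, and not Tomcat or JNDIRealm code): one way to turn the JNDI exception that the realm catches into a coarse failure category. The class name `LdapFailureReason`, the `Reason` categories and the sample exceptions are assumptions made for illustration; which LDAP result code a locked or expired account produces depends on the directory server.

```java
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapFailureReason {
    // Hypothetical categories; adjust to what the directory actually reports.
    enum Reason { BAD_CREDENTIALS, POLICY_RESTRICTION, SERVER_UNAVAILABLE, OTHER }

    // The JDK LDAP provider embeds the result code as "[LDAP: error code N - text]".
    private static final Pattern CODE = Pattern.compile("\\[LDAP: error code (\\d{1,3})\\b");

    static int resultCode(NamingException e) {
        String msg = e.getMessage();
        if (msg == null) return -1;
        Matcher m = CODE.matcher(msg);
        return m.find() ? Integer.parseInt(m.group(1)) : -1;
    }

    static Reason classify(NamingException e) {
        // Transport-level failures carry no LDAP result code at all.
        if (e instanceof CommunicationException || e instanceof ServiceUnavailableException) {
            return Reason.SERVER_UNAVAILABLE;
        }
        switch (resultCode(e)) {
            case 49: return Reason.BAD_CREDENTIALS;      // invalidCredentials
            case 19:                                     // constraintViolation
            case 53: return Reason.POLICY_RESTRICTION;   // unwillingToPerform
            case 51:                                     // busy
            case 52: return Reason.SERVER_UNAVAILABLE;   // unavailable
            default: break;
        }
        return (e instanceof AuthenticationException) ? Reason.BAD_CREDENTIALS : Reason.OTHER;
    }

    public static void main(String[] args) {
        // Constructed sample exceptions, not output captured from a real server.
        NamingException[] samples = {
            new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]"),
            new NamingException("[LDAP: error code 53 - Account locked]"),
            new CommunicationException("ldap.example.invalid:389"),
            new NamingException("unexpected failure")
        };
        for (NamingException e : samples) {
            System.out.println(classify(e) + " <- " + e.getMessage());
        }
    }
}
```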
