-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/9/15 12:49 PM, Sreyan Chakravarty wrote:
> Okay can you please guide me on how to log the bug. That would be
> great. If possible you could do it yourself also.
1. Register for Bugzilla at bz.apache.org
2. Fill-out this form:
https:
Okay can you please guide me on how to log the bug. That would be great. If
possible you could do it yourself also.
And as far as opinions go I really don't know. The whole process of Realms
seem confusing to me and its overtly complicated.
Thanks for testing out the issue.
On Wed, Sep 9, 2015 a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/9/15 9:45 AM, Christopher Schultz wrote:
> On 9/7/15 2:17 PM, Sreyan Chakravarty wrote:
>> I have found the cause of the problem. It seems that there is no
>> null checking in the DataSourceRealm in Tomcat. What I mean is
>> that if a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/7/15 2:17 PM, Sreyan Chakravarty wrote:
> I have found the cause of the problem. It seems that there is no
> null checking in the DataSourceRealm in Tomcat. What I mean is that
> if a particular user does not exist in the database and i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/7/15 9:56 AM, Sreyan Chakravarty wrote:
> I did what you said. That is pointing the web browser to a
> protected resource without authentication and then logging in. It
> works perfectly IF AND ONLY IF the credentials are ABSOLUTELY
> c
I have found the cause of the problem. It seems that there is no null
checking in the DataSourceRealm in Tomcat. What I mean is that if a
particular user does not exist in the database and is credentials are
returned as a null string then no null checking is specified.
I would like to open this as
Yes but what happens when the user passes a user-id that is not present in
the DB. Or a password that is incorrect. How would the server handle that ?
If I pass an incorrect user I am getting a NPE. And if I pass an invalid
password but a valid user a am not being redirected to the form-login-erro
Hi.
I have notv really followed this thread from the beginning, but maybe I can contribute
something here..
On 07.09.2015 15:56, Sreyan Chakravarty wrote:
..
Also can I webapp have different realms ? If so how do you distinguish them
? I was looking at the RealmBase source and I haven't noti
I did what you said. That is pointing the web browser to a protected
resource without authentication and then logging in. It works perfectly IF
AND ONLY IF the credentials are ABSOLUTELY correct. Otherwise I am getting
undefined behavior an thats where I need your help now.
First-: If I provide an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 3:20 PM, Sreyan Chakravarty wrote:
> Ok I found FormAuthenticator and landingPage attribute in it in the
> source.
You shouldn't need to look at the source.
> But how do I use that in my application ? What do I do ?
You configu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 3:16 PM, Sreyan Chakravarty wrote:
> Well Christopher thanks for that eye opener. I didn't know that the
> specs were so inconsistent.
They aren't inconsistent... it's just that they don't cover a popular
use case. Remember that
Ok I found FormAuthenticator and landingPage attribute in it in the source.
But how do I use that in my application ? What do I do ?
Any documentation for this ?
On Tue, Sep 1, 2015 at 12:46 AM, Sreyan Chakravarty <
sreyan.mail...@gmail.com> wrote:
> Well Christopher thanks for that eye opener.
Well Christopher thanks for that eye opener. I didn't know that the specs
were so inconsistent.
Okay now regarding your comment-:
"Servlet 3.0 added the HttpServletRequest.login() method would improved
the situation greatly: you can implement your own login handler that
plugs-into the authenticat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/31/15 2:01 PM, Mark Thomas wrote:
> On 31/08/2015 18:49, Christopher Schultz wrote:
>
>> Really the only thing the servlet spec is missing is a setting
>> in like or something like
>> that, so that if you try to login with j_security_c
On 31/08/2015 18:49, Christopher Schultz wrote:
> Really the only thing the servlet spec is missing is a setting in
> like or something like that, so
> that if you try to login with j_security_check and you hadn't already
> requested a protected resource, the container knows where to send the
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 1:39 PM, Sreyan Chakravarty wrote:
> First of all I did read the Servlet Spec, it provided no hint as to
> what I was doing wrong.
>
> So you are saying that I can't have a login form on the page when
> the welcome page ? Why not
First of all I did read the Servlet Spec, it provided no hint as to what I
was doing wrong.
So you are saying that I can't have a login form on the page when the
welcome page ? Why not ? Tons of site have just that, like Twitter and
Facebook. It seems weird why I can't have it on my welcome page.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 12:34 PM, Sreyan Chakravarty wrote:
> Wait I am sure I am going wrong in a fundamental area.
>
> My security constraint is as follow-:
>
>
> TECHERS
> /teacher/success.jsp
> GET POST
>
>
> TEACHER
>
>
> FORM
> /i
> From: Sreyan Chakravarty [mailto:sreyan.mail...@gmail.com]
> Subject: Re: HTTP 400 with Form based authentication
> My security constraint is as follow-:
>
> FORM
>
> /index.jsp
> /index.jsp?error=true
>
>
Wait I am sure I am going wrong in a fundamental area.
My security constraint is as follow-:
TECHERS
/teacher/success.jsp
GET
POST
TEACHER
FORM
/index.jsp
On 31/08/2015 07:00, Sreyan Chakravarty wrote:
> I don't understand where did I request the login page directly ? I just put
> as index.jsp and and the error page as
> index.jsp?error=true.
>
> So where is my error ?
Did you request '/teacher/success.jsp' ? No, you did not.
Did you request '/in
I don't understand where did I request the login page directly ? I just put
as index.jsp and and the error page as
index.jsp?error=true.
So where is my error ?
On Sun, Aug 30, 2015 at 9:54 PM, Mark Thomas wrote:
> On 29/08/2015 22:16, Sreyan Chakravarty wrote:
> > Okay this is my first try at
On 29/08/2015 22:16, Sreyan Chakravarty wrote:
> Okay this is my first try at container based authentication using Realms in
> Tomcat. And things have gone wrong. Here is my login page -:
> My web.xml security configuration is -:
>
>
>
> TECHERS
> /teacher/suc
23 matches
Mail list logo
