Warren Crossing wrote:
> hey,
>
> i've had to debug these following class to get it going..
> it just stopped on j_security_check when a incorrect username password combination
>was supplied.
>
> sorry i can't update them myself.. maybe next time =D
>
> release 4 milestone 5 src code
>
Warren,
It would be helpful for you to describe a little more detail about how you have your
webapp set up
(what your login and error pages look like, and how you've got stuff configured in
web.xml). Even
more important, what is it about the current behavior that you think is not working
correctly? And
what do think the correct behavior is?
After we understand and agree on behavior, we can detrmine what changes (if any) are
needed in the
code.
Also, the best way to post patches is to use the "unified diff" format, as described
on the Jakarta
web site. It is not at all clear from your posted patches exactly which lines get
modified to what.
>
> FormAuthenticator.class authenticate method
>
> ....
> if ( principal == null ) {
> request.setRequestURI(contextPath + config.getErrorPage());
> ------NEW LINE ----
> request.setMethod ("GET");
> ------END LINE -----
> ------MODIFIED LINE----
> return ( false ) ;
> ------END MODIFY------
> }
>
I do not see anywhere in the spec that the error page is guaranteed to be invoked with
a GET. Did I
miss something? (Note -- if you are using a JSP page for the error page, this doesn't
matter -- JSP
pages deal with GET and POST identically).
What is the purpose for modifying the return value? At present, this logic correctly
displays the
error page if you type in an invalid username or password.
> ...
>
> AuthenticatorBase.class invoke method
>
> if (!authenticate(hrequest,hresponse,config)) {
> ...
> -----REMOVE LINE-----
> //return;
> -----END REMOVE -----
> }
>
Same question -- what are you trying to accomplish here?
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
