
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10305

Realms should be able to return an error message

           Summary: Realms should be able to return an error message
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: Catalina
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


It would be very useful to me if Realm implementations could return an error 
message and this error message was set as a session attribute. This way, one 
could configure a Servlet as the form login error page, and that Servlet could 
display the Realm implementation's error message. This would be very useful for 
Realms where there are many reasons why a login attempt may have failed, and a 
general error message is inadequate. 

For example, with a Realm that I am working on that uses JNDI to access a 
Novell LDAP server, I need to return an error message that says "Password 
expired" when a user's password has expired. A user may leave his or her 
computer on for a few weeks, during which their password may expire. If they 
then try to access one of our secured Web applications, a general error message 
is too confusing for them. 

I also need to return an error message that says "You have exceeded your 
connection limit" when the Novell LDAP server returns an error telling me that 
the user has too many Novell connections. I also need to return "The LDAP 
server is down" when our Novell LDAP server crashes because it crashes every 
week or two.

Here is one way to do this:

Create a new Realm interface with authenticate methods that have one extra 
parameter: a StringBuffer. When a Realm wishes to indicate an error, it adds an 
error message to the StringBuffer and returns a null Principal. Tomcat's 
FormAuthenticator would then set a session attribute using a key such 
as "org.apache.catalina.authenticator.FormAuthenticator.error_message" with the 
value of the error message.

Note, this could be a new Realm interface, for example Realm2, for backward 
compatibility. Tomcat could use the Realm2 interface if a Realm implementation 
supports it, or the Realm interface for implementations that have not yet been 
updated to support the new interface.

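The Realm2 proposal from the report, sketched as an added example; it is not code from the bug report or from Tomcat. `Realm2Sketch`, `DemoRealm`, `login`, the `Map` standing in for the HTTP session and the sample accounts are all constructed for illustration, and reporting the reason only after the password has matched is this example's own choice.

```java
import java.security.Principal;
import java.util.*;

public class Realm2Sketch {
    // Session attribute key suggested in the report.
    static final String ERROR_KEY = "org.apache.catalina.authenticator.FormAuthenticator.error_message";

    // Hypothetical interface: authenticate plus a StringBuffer for the failure reason.
    interface Realm2 {
        Principal authenticate(String username, String credentials, StringBuffer error);
    }

    // Constructed in-memory realm standing in for the reporter's JNDI/LDAP realm.
    static class DemoRealm implements Realm2 {
        final Map<String, String> passwords = new HashMap<>();
        final Set<String> expired = new HashSet<>();
        public Principal authenticate(String username, String credentials, StringBuffer error) {
            String stored = passwords.get(username);
            if (stored == null || !stored.equals(credentials)) {
                return null; // no reason given: the general error page applies
            }
            if (expired.contains(username)) { // assumption: reason reported only after the password matched
                error.append("Password expired");
                return null;
            }
            return () -> username; // Principal whose getName() is the user name
        }
    }

    // Form-login step, with the session modelled as a Map.
    static Principal login(Realm2 realm, Map<String, Object> session, String user, String pass) {
        StringBuffer error = new StringBuffer();
        Principal principal = realm.authenticate(user, pass, error);
        session.remove(ERROR_KEY); // drop any message left by an earlier attempt
        if (principal == null && error.length() > 0) {
            session.put(ERROR_KEY, error.toString());
        }
        return principal;
    }

    public static void main(String[] args) {
        DemoRealm realm = new DemoRealm();
        realm.passwords.put("alice", "s3cret"); // constructed sample accounts
        realm.passwords.put("bob", "hunter2");
        realm.expired.add("alice");
        Map<String, Object> session = new HashMap<>();
        System.out.println(login(realm, session, "alice", "s3cret") + " / " + session.get(ERROR_KEY));
        System.out.println(login(realm, session, "bob", "hunter2").getName() + " / " + session.get(ERROR_KEY));
    }
}
```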