Dear all, I wrote my own authenticator (extends FormAuthenticator) & realm (extends JDBCRealm). What I need is to check one more field in the database besides password for authentication. Only minor modifications are made on the original codes so I think it should be fine. What I also did include changing the org/apache/catalina/startup/Authenticators.properties file to add the new authenticator; modifying the server.xml and web.xml accordingly. Furthermore, I added the entries for my authenticator and realm in the mbeans-descriptor.xml file. I expected everything to work perfectly but when I tried to access the secured area, I got the following error: HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal ---------------------------------
type Status report message Configuration error: Cannot perform access control without an authenticated principal description The server encountered an internal error (Configuration error: Cannot perform access control without an authenticated principal) that prevented it from fulfilling this request. This error was triggered instantly. I mean I even did not have a chance to see the login webpage. Now I have several questions: What is the flow of the authentication? Was my authenticator got executed at all? Any suggestions would be greatly appreciated. Charles --------------------------------- Do you Yahoo!? The New Yahoo! Shopping - with improved product search
