Hi
Can anyone help me with the problem below please? I just need a way of
getting some kind of error message back to the user to say WHY they
couldn't be logged on.
The current realm implementations only seem to pass either a
SUCCESS/FAIL back. But there could be lots of reasons why login failed
e.g. server is down, account is locked etc.
I have tried writing my own realm that throws a custom RuntimeException
(containing an error message) but the container ultimately swallows this
so my webapp can't get hold of it.
I also tried returning my own custom Principal object which contains an
error message (e.g. "This principal is invalid for the following reason:
account is locked") but of course the session is invalidated so my
webapp can't get hold of that either.
The Servlet Spec hints that the details of the login failure SHOULD be
available, but I can't find any way of doing it.
ANY help would be really appreciated.
Richard Gundersen
Java Developer
-----Original Message-----
From: Gundersen, Richard
Sent: Wednesday, April 23, 2008 4:16 PM
To: 'users@tomcat.apache.org'
Subject: JNDI Realm nor returning LDAP error codes/exceptions
Hi
I'm using the standard JNDIRealm class to authenticate users. However if
the login is unsuccessful, I am unable report the *reason* for the
failure.
The code for JNDIRealm.java tries to return a valid Principal object.
If logging on fails - which could be for several reasons e.g. bad
password, account expired, password needs changing etc - then the
exception is caught, logged, and then forgotten. The authenticate method
just returns a null Principal object.
So, by the time the request gets to the 'error' JSP, all I can report to
the user is that there was some kind of problem - not what the problem
was.
I was thinking of writing my own Realm class which did the same, but
threw the exception if one occurred. Unfortunately this would break the
contract with the RealmBase class I think (abstract methods).
From reading the Servlet spec, it suggests that the failure information
*should* be available:
"The error page sent to a user that is not authenticated
contains information about the failure."
Does anyone have any advice / solved this problem before? Appreciate any
feedback
Thanks
Richard Gundersen
As a responsible corporate citizen, London Scottish Bank plc asks you to
consider the environment before printing this email.
*** Disclaimer ***
This electronic communication is confidential and for the exclusive use of the
addressee. It may contain private and confidential information. The
information, attachments and opinions contained in this E-mail are those of its
author only and do not necessarily represent those of London Scottish Bank PLC
or any other members of the London Scottish Group.
If you are not the intended addressee, you are prohibited from any disclosure,
distribution or further copying or use of this communication or the information
in it or taking any action in reliance on it. If you have received this
communication in error please notify the Information Security Manager at [EMAIL
PROTECTED] as soon as possible and delete the message from all places in your
computer where it is stored.
We utilise virus scanning software but we cannot guarantee the security of
electronic communications and you are advised to check any attachments for
viruses. We do not accept liability for any loss resulting from any corruption
or alteration of data or importation of any virus as a result of receiving this
electronic communication.
Replies to this E-mail may be monitored for operational or business reasons.
London Scottish Bank PLC is regulated by the Financial Services Authority.
London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 3NW
Registered Number 973008 England.
Subsidiary Companies:-
London Scottish Finance Limited, Registered Office: 201 Deansgate, Manchester
M3 3NW Registered Number 233259 England.
London Scottish Broking Limited, Registered Office: 201 Deansgate, Manchester
M3 3NW Registered Number 230110 England.
London Scottish Invoice Finance Limited, Registered Office: 201 Deansgate,
Manchester M3 3NW Registered Number 2643766 England.
Robinson Way & Company Limited, Registered Office: 201 Deansgate, Manchester M3
3NW Registered Number 885896 England.
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
