Nathan, This is actually not a bug but a feature ... (hehe ... looks like a Microsoft moto, isn't it :-)).
The way security works with Cactus 1.3 is by securing _only_ the ServletRedirector. The servlet you're testing is actually never tested as a real servlet but as a simple java class (instanciated using a "new" in the test case). The redirector is acting as a proxy (this is true also for security). This answers point 1). WRT point 2), you can user whatever mapping you wish but you need to tell Cactus what URL to use to call the Redirector. This is done by editing your cactus.properties file and modifying the URL. Hope it helps -Vincent > -----Original Message----- > From: Phillips Nathan [mailto:[EMAIL PROTECTED]] > Sent: 01 February 2002 21:50 > To: '[EMAIL PROTECTED]' > Subject: New Authentication feature doesn't appear to work correctly. > > I've been able to get the Basic Security authentication feature in the > Cactus example to work with my Security Realm. However, I've not been > able > to actually apply it to my own secured servlets. Only the > ServletTestRedirector. I've ran into two major problems which appear to > be > with Cactus. > > 1) I am unable to get the example to run with any other servlet than the > ServletTestRedirector when secured. > > This works: > <servlet> > <servlet-name>FrontController</servlet-name> > > <servlet-class>org.apache.cactus.server.ServletTestRedirector</servlet- > class > > > <security-role-ref> > <role-name>my_user</role-name> > <role-link>my_user</role-link> > </security-role-ref> > </servlet> > > but when I use one of my own protected servlets as in: > <servlet-class>com.somewhere.MyServlet</servlet-class> > it does not. > > 2) If the url-pattern name does not match the servlet name, then Cactus > doesn't work. > > This works: > <servlet-mapping> > <servlet-name>FrontController</servlet-name> > <url-pattern>/FrontController/*</url-pattern> > </servlet-mapping> > > This does not: > <servlet-mapping> > <servlet-name>FrontController</servlet-name> > <url-pattern>/servlet/*</url-pattern> > </servlet-mapping> > > Of course the <security-constraint> tags have been altered to reflect each > test correctly. Am I misunderstanding how to use the security feature in > Cactus or are these problems? Thanks for your help. > > Error message in both cases: > java.lang.NullPointerException > at org.apache.cactus.client.AbstractHttpClient.doTest$ajcPostAround10 > > -- > To unsubscribe, e-mail: <mailto:cactus-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:cactus-user- > [EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
