I'm working on switching our application from Basic to Form authentication.
I had Cactus working fine with:
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new BasicAuthentication("user", "password");
I changed our web.xml from BASIC to FORM, switched the application, and that
all works fine. Cactus, however, fails when I change the above to:
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new FormAuthentication("user", "password");
which should work according to
http://jakarta.apache.org/cactus/writing/howto_security.html
With BasicAuthentication, everything works fine and I get this in my access
log:
127.0.0.1 - user [29/Apr/2008:14:32:48 -0500] "GET
/application/ServletRedirectorSecure?Cactus_TestMethod=testMethod&Cactus_TestClass=com.company.TestClass&Cactus_AutomaticSession=true&Cactus_Service=CALL_TEST
HTTP/1.1" 200 -
127.0.0.1 - user [29/Apr/2008:14:32:48 -0500] "GET
/application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS HTTP/1.1"
200 23
With FormAuthentication, I get "Missing service name parameter
[Cactus_Service] in HTTP request." and "Error getting test result. This
could happen for example if you're using a load-balancer." This is what I
see in my access log:
127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure HTTP/1.1" 200 2357
127.0.0.1 - - [29/Apr/2008:16:50:18 -0500] "POST
/application/j_security_check HTTP/1.1" 302 -
127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure HTTP/1.1" 500 2527
127.0.0.1 - user [29/Apr/2008:16:50:18 -0500] "GET
/application/ServletRedirectorSecure?Cactus_Service=GET_RESULTS HTTP/1.1"
500 2556
It seems to be losing the http parameters when I use form auth. Did
something change between the time the docs were written and now? Is there a
better FormAuthentication example?
Has anybody gotten FormAuthentication to work?
Thanks,
Eric
