Re: Cactus Authentication problem with Tomcat > 5.5.20

Fri, 28 Sep 2007 04:40:18 -0700 

Hi Nicolas,

I believe I have successfully re-produced your problem
in my environment.

In article <[EMAIL PROTECTED]>,
Mon, 24 Sep 2007 12:47:27 +0000 (UTC),
Nicolas Clemeur <[EMAIL PROTECTED]> wrote: 
nclemeur> I am having some difficulties to setup cactus tests using 
nclemeur> tomcat > 5.5.20 (Everything works fine with 5.5.20). 
nclemeur> I am using form authentication in cactus tests (as described
nclemeur>  on the cactus web site). When I look at the generated request,
nclemeur> I get the authentication layer called with all the parameters
nclemeur> needed for the test (service name, class,...), but when the 
nclemeur> request for the actual test is generated it is missing all the
nclemeur>  parameters to run the test. So I am suspecting something must
nclemeur>  have change in tomcat (nothing has changed in the cactus 
nclemeur> environment) in the way the authentication calls are handled
nclemeur>  in tomcat post 5.5.20 (I have tried 5.5.23 and 5.5.25). 

I reviewed the difference between source codes of Tomcat
of versions 5.5.20 and 5.5.23.
My understanding at this moment is as follows:
        It seems behavior of Tomcat have been changed so that
        the request just after the authentication (i.e. j_security_check)
        would be replaced by a cached request which did arise
        the authentication.

        The FormAuthentication class of Cactus sends a request
        without parameter for an authentication (i.e. to obtain
        a JSESSIONID which is associated with the user principal).
        Tomcat caches the request and would replace the next request
        (just after the authentication) internally by the cached one,
        even if the client-side of Cactus sent the request with
        parameters to run test. Then, the ServletRedirectorSecure
        receives the cached-request without parameters
        which causes an error.

As the behavior cannot be controled by some configuration of Tomcat,
Cactus should be changed to adopt.

I have modified the FormAuthentication class so that
the form authentication would work with both Tomcat 5.5.20
and 5.5.23.

I'll post the (dirty ;-<) code later.
----
Kazuhito SUGURI

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to