Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Obtaining Errors with form based authentication

 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi folks,
I use form base authentication in a web app (WebSphere).

When the authentication fails, I would like to be able to catch some information in the error.jsp page specified in the web.xml

But all these variable are NULL.
I can't figure out why... any idea ?
[ July 05, 2002: Message edited by: Bill Bailey ]
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What exception would it throw?
I'm pretty sure FORM-based authentication is (by design) completely hit or miss. ie you either login or you don't. You can't 'maybe login'.
This stops people from creating security holes such as providing hints on what went wrong during the process. (eg "user doesn't exist" and "incorrect password" as opposed to "login failed")
Dave
 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess you're right David.
Actually, that's my understanding when I read the servlet spec.
No error variables are specified in part 11, while they are fully described in part 9.8.
I had a special need for one application (being able to know why the log failed), so I hoped it was possible to catch errors.
But it sounds like it is not... and I guess it is better for security reasons
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic