File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Obtaining Errors with form based authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Obtaining Errors with form based authentication" Watch "Obtaining Errors with form based authentication" New topic
Author

Obtaining Errors with form based authentication

JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Hi folks,
I use form base authentication in a web app (WebSphere).

When the authentication fails, I would like to be able to catch some information in the error.jsp page specified in the web.xml

But all these variable are NULL.
I can't figure out why... any idea ?
[ July 05, 2002: Message edited by: Bill Bailey ]

/ JeanLouis<br /><i>"software development has been, is, and will remain fundamentally hard" (Grady Booch)</i><br /> <br />Take a look at <a href="http://www.epfwiki.net/wikis/openup/" target="_blank" rel="nofollow">Agile OpenUP</a> in the Eclipse community
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

What exception would it throw?
I'm pretty sure FORM-based authentication is (by design) completely hit or miss. ie you either login or you don't. You can't 'maybe login'.
This stops people from creating security holes such as providing hints on what went wrong during the process. (eg "user doesn't exist" and "incorrect password" as opposed to "login failed")
Dave
JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
I guess you're right David.
Actually, that's my understanding when I read the servlet spec.
No error variables are specified in part 11, while they are fully described in part 9.8.
I had a special need for one application (being able to know why the log failed), so I hoped it was possible to catch errors.
But it sounds like it is not... and I guess it is better for security reasons
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Obtaining Errors with form based authentication