Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 343472 - HttpServletRequest.login() always throws ServletException after invoking HttpServletRequest.isUserInRole()
Summary: HttpServletRequest.login() always throws ServletException after invoking Http...
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: server (show other bugs)
Version: 8.0.0   Edit
Hardware: PC Windows XP
: P3 major (vote)
Target Milestone: 7.2.x   Edit
Assignee: Greg Wilkins CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-04-20 23:17 EDT by michael1224.fang CLA
Modified: 2011-05-10 03:44 EDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description michael1224.fang CLA 2011-04-20 23:17:57 EDT 
Build Identifier: 

HttpServletRequest.login() always throws ServletException after invoking HttpServletRequest.isUserInRole().

The issue could be reproduced by the following code snippet: 

public class LoginServlet extends javax.servlet.http.HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        if (!request.isUserInRole("user")) {
            try {
                request.login("user", "password");
            } catch(ServletException se) {
                // ServletException is always thrown here
            }
        }
    }
}


Reproducible: Always
Comment 1 Greg Wilkins CLA 2011-05-10 03:08:01 EDT 
The issue appears to be caused by calls like isUserInRole forcing the authentication to be changed from deferred to unauthenticated.

A simple change will be to make Deferred.authenticate(...) return this if authentication fails.  But I'm concerned than unauthenticated might be set other ways and thus using it as a tunnel to the login service may not be the best idea.
Comment 2 Greg Wilkins CLA 2011-05-10 03:44:11 EDT 
tentative fix in r3109