Jerome Dochez wrote On 07/31/06 13:39,:
> I agree, even if I understand the runtime error may need to be a bit
> more generic, we should have better message than "should not reach here".
The fix I just committed implements the "spirit" of this message,
in that it won't even let you reach the point where DIGEST
authentication, which is not supported, is attempted.
I agree "Should not reach here" could be turned into something more
descriptive. But I also kind of like this message, because it gives a
hint to the container developers that a code path is being executed
that should have never been reached. In other words, it puts the
burden of investigation on us (as it did in this case, and very
successfully so :-), rather than on the webapp developer.
I'll defer to the security team, whose code is throwing this
IllegalStateException, as to whether they want to change the
exception message. But as I mentioned, this message was
never supposed to see the light of a stacktrace, and has helped
me pinpoint its rootcause.
Jan
>
> Jerome
>
> Marina Vatkina wrote:
>
>> Jan, Shing Wai,
>>
>> I think both cases need to be fixed - if deployment
>> doesn't fail (it should), the error message should
>> give all the necessary information to the user.
>>
>> My $.02.
>> -marina
>>
>