Form-based authentication example broken in Tomcat 6.0

[Frank McCown <fm...@cs.odu.edu>]

I noticed the MemoryRealm / form-based authentication example in Tomcat 
6.0 is broken.  The example works just fine in Tomcat 5.5, but in the 
migration to 6.0, it got broken.  According to the doc at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

the app is supposed to be available at

http://localhost:8080/jsp-examples/security/protected/

but the URL is actually

http://localhost:8080/examples/jsp/security/protected/


The default contents of the conf/tomcat-users.xml file *should* be

<tomcat-users>
   <user name="tomcat" password="tomcat" roles="tomcat" />
   <user name="role1"  password="tomcat" roles="role1"  />
   <user name="both"   password="tomcat" roles="tomcat,role1" />
</tomcat-users>

but the file that ships with 6.0 is missing all the <user> tags.


And the server.xml file is missing the line:

<Realm className="org.apache.catalina.realm.MemoryRealm" />


Finally the web.xml file is using the wrong <url-pattern>.  It is set to

<url-pattern>/security/protected/*</url-pattern>

but should be

<url-pattern>/jsp/security/protected/*</url-pattern>

Making these changes will fix the example.  Hope someone working on 
Tomcat sees this post.

Regards,
Frank



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Form-based authentication example broken in Tomcat 6.0

[Frank McCown <fm...@cs.odu.edu>]

Rémy Maucherat wrote:
> On 5/2/07, Frank McCown <fm...@cs.odu.edu> wrote:
>> The default contents of the conf/tomcat-users.xml file *should* be
>>
>> <tomcat-users>
>>    <user name="tomcat" password="tomcat" roles="tomcat" />
>>    <user name="role1"  password="tomcat" roles="role1"  />
>>    <user name="both"   password="tomcat" roles="tomcat,role1" />
>> </tomcat-users>
>>
>> but the file that ships with 6.0 is missing all the <user> tags.
> 
> No default users will be provided.

Do you mean you are leaving users out on purpose for security reasons? 
So I guess you'll change the documentation to tell the reader to add the 
users themselves.


> The rest has been fixed, thanks.

Thanks for updating the document, Rémy.

Frank

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Form-based authentication example broken in Tomcat 6.0

[Rémy Maucherat <re...@gmail.com>]

On 5/2/07, Frank McCown <fm...@cs.odu.edu> wrote:
> The default contents of the conf/tomcat-users.xml file *should* be
>
> <tomcat-users>
>    <user name="tomcat" password="tomcat" roles="tomcat" />
>    <user name="role1"  password="tomcat" roles="role1"  />
>    <user name="both"   password="tomcat" roles="tomcat,role1" />
> </tomcat-users>
>
> but the file that ships with 6.0 is missing all the <user> tags.

No default users will be provided.

> And the server.xml file is missing the line:
>
> <Realm className="org.apache.catalina.realm.MemoryRealm" />

It has a functionally equivalent realm.

> Making these changes will fix the example.  Hope someone working on
> Tomcat sees this post.

The rest has been fixed, thanks.

Rémy

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org