Posted to user@struts.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/15 10:50:09 UTC

Re: TC5 & mozilla

Can anybody check out this issue for me quickly?

Tomcat5's form-based authentication does not work under SSL with a 
Struts mapping, in Mozilla 1.5.

TC5 loops straight back to the login page again and again OR it gives me 
an "invalid direct reference to j_security_check"

Without SSL it works fine.

Without a Struts mapping (i.e. straight to a JSP) it works fine.

Also in Internet Explorer it works fine.

I've bundled the necessary .jsp & .xml files in a war (including 
struts.jar, so it's 0.85MB) so you can drop it in your webapps 
directory. It uses the MemoryRealm with tomcat-users.xml, which should 
be set up by default in your server.xml.

So basically login with tomcat/tomcat.

Here's the WAR:  http://www.cyberspaceroad.com/test.war

I'd right click it and select "save target as".

Thanks for the help. I haven't raised this with tomcat yet, I want to 
make sure I'm not the only one first.

Adam


On 10/14/2003 06:48 PM Adam Hardy wrote:
> I have set this up with the minimum configuration possible to try to 
> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
> and the tomcat realm - no SSO, no filters, no templates, no 
> SSL-redirection.
> 
> With this security:
> 
>     <web-resource-collection>
>       <web-resource-name>SSL 4 Login</web-resource-name>
>       <url-pattern>/login.do</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>user</role-name>
>       <role-name>admin</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> 
> when I try to login to my login.do mapping, in mozilla I get repeated 
> login requests from tomcat. The first time twice only, the 2nd time 5 
> times, 3rd time 10 times etc etc.
> 
> I can see from my logging that the realm login is successful, but tomcat 
> keeps giving the login page as stated.
> 
> This does not happen in IE6 or lynx, in which the login works as normal.
> 
> Has anybody else experienced this?
> 
> Thanks
> Adam
> 


-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
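
For readers reproducing the setup described in the message above, here is a complete deployment descriptor built around the posted constraint. It is an added example, not the contents of the poster's test.war. The servlet name, the login and error page paths and the Servlet 2.4 header are assumptions; the url-pattern, role names and transport guarantee are the ones quoted in the message.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- The one Struts servlet and its mapping ("action" is an assumed name) -->
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>

  <!-- The constraint quoted in the message, inside its enclosing element -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL 4 Login</web-resource-name>
      <url-pattern>/login.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL makes the container redirect plain HTTP requests to HTTPS -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Form-based login. Page paths are assumptions; the form on the login
       page must POST j_username and j_password to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint is declared here -->
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
```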


Re: TC5 & mozilla

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/15/2003 10:50 AM Adam Hardy wrote:
> Can anybody check out this issue for me quickly.
> 
> Tomcat5's form-based authentication does not work under SSL with a 
> Struts mapping, in Mozilla 1.5.
> 
> TC5 loops straight back to the login page again and again OR it gives me 
> an "invalid direct reference to j_security_check"
> 
> Without SSL it works fine.
> 
> Without a Struts mapping (i.e. straight to a JSP) it works fine.

I just built in a login to a JSP to prove this point but now I find that 
this doesn't work either. Strange since it did yesterday night. I've 
obviously got too many loose ends here. I guess this exonerates Struts.


> 
> Also in Internet Explorer it works fine.
> 
> I've bundled the necessary .jsp & .xml files in a war (including 
> struts.jar, so it's 0.85MB) so you can drop it in your webapps 
> directory. It uses the MemoryRealm with tomcat-users.xml, which should 
> be set up by default in your server.xml.
> 
> So basically login with tomcat/tomcat.
> 
> Here's the WAR:  http://www.cyberspaceroad.com/test.war
> 
> I'd right click it and select "save target as".
> 
> Thanks for the help. I haven't raised this with tomcat yet, I want to 
> make sure I'm not the only one first.
> 
> Adam
> 
> 
> On 10/14/2003 06:48 PM Adam Hardy wrote:
> 
>> I have set this up with the minimum configuration possible to try to 
>> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
>> and the tomcat realm - no SSO, no filters, no templates, no 
>> SSL-redirection.
>>
>> With this security:
>>
>>     <web-resource-collection>
>>       <web-resource-name>SSL 4 Login</web-resource-name>
>>       <url-pattern>/login.do</url-pattern>
>>     </web-resource-collection>
>>     <auth-constraint>
>>       <role-name>user</role-name>
>>       <role-name>admin</role-name>
>>     </auth-constraint>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated 
>> login requests from tomcat. The first time twice only, the 2nd time 5 
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but 
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
>>
>> Thanks
>> Adam
>>
> 
> 


-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

