You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/15 10:50:09 UTC
Re: TC5 & mozilla
Can anybody check out this issue for me quickly.
Tomcat5's form-based authentication does not work under SSL with a
Struts mapping, in Mozilla 1.5.
TC5 loops straight back to the login page again and again OR it gives me
an "invalid direct reference to j_security_check"
Without SSL it works fine.
Without a Struts mapping (i.e. straight to a JSP) it works fine.
Also in Internet Explorer it works fine.
I've bundled the necessary .jsp & .xml files in a war (including
struts.jar, so it's 0.85MB) so you can drop it in your webapps
directory. It uses the MemoryRealm with tomcat-users.xml, which should
be set up by default in your server.xml.
So basically login with tomcat/tomcat.
Here's the WAR: http://www.cyberspaceroad.com/test.war
I'd right click it and select "save target as".
Thanks for the help. I haven't raised this with tomcat yet, I want to
make sure I'm not the only one first.
Adam
On 10/14/2003 06:48 PM Adam Hardy wrote:
> I have set this up with the minimum configuration possible to try to
> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping,
> and the tomcat realm - no SSO, no filters, no templates, no
> SSL-redirection.
>
> With this security:
>
> <web-resource-collection>
> <web-resource-name>SSL 4 Login</web-resource-name>
> <url-pattern>/login.do</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> <role-name>admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
>
> when I try to login to my login.do mapping, in mozilla I get repeated
> login requests from tomcat. The first time twice only, the 2nd time 5
> times, 3rd time 10 times etc etc.
>
> I can see from my logging that the realm login is successful, but tomcat
> keeps giving the login page as stated.
>
> This does not happen in IE6 or lynx, in which the login works as normal.
>
> Has anybody else experienced this?
>
> Thanks
> Adam
>
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: TC5 & mozilla
Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/15/2003 10:50 AM Adam Hardy wrote:
> Can anybody check out this issue for me quickly.
>
> Tomcat5's form-based authentication does not work under SSL with a
> Struts mapping, in Mozilla 1.5.
>
> TC5 loops straight back to the login page again and again OR it gives me
> an "invalid direct reference to j_security_check"
>
> Without SSL it works fine.
>
> Without a Struts mapping (i.e. straight to a JSP) it works fine.
I just built in a login to a JSP to prove this point but now I find that
this doesn't work either. Strange since it did yesterday night. I've
obviously got too many loose ends here. I guess this exonerates Struts.
>
> Also in Internet Explorer it works fine.
>
> I've bundled the necessary .jsp & .xml files in a war (including
> struts.jar, so it's 0.85MB) so you can drop it in your webapps
> directory. It uses the MemoryRealm with tomcat-users.xml, which should
> be set up by default in your server.xml.
>
> So basically login with tomcat/tomcat.
>
> Here's the WAR: http://www.cyberspaceroad.com/test.war
>
> I'd right click it and select "save target as".
>
> Thanks for the help. I haven't raised this with tomcat yet, I want to
> make sure I'm not the only one first.
>
> Adam
>
>
> On 10/14/2003 06:48 PM Adam Hardy wrote:
>
>> I have set this up with the minimum configuration possible to try to
>> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping,
>> and the tomcat realm - no SSO, no filters, no templates, no
>> SSL-redirection.
>>
>> With this security:
>>
>> <web-resource-collection>
>> <web-resource-name>SSL 4 Login</web-resource-name>
>> <url-pattern>/login.do</url-pattern>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>user</role-name>
>> <role-name>admin</role-name>
>> </auth-constraint>
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated
>> login requests from tomcat. The first time twice only, the 2nd time 5
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
>>
>> Thanks
>> Adam
>>
>
>
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org