You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Marc Farrow <ma...@gmail.com> on 2006/05/30 21:30:12 UTC
Realm Tag in webappnamecontext.xml
I have a context with the following Realm tag. However, when I navigate to
the page, the page pulls up without any type of authentication. What am I
missing? I have read the "Realm Configuration HOW-TO" at apache.org.
<Context path="/mycontext">
<Realm name="testRealm"
className="org.apache.catalina.realm.JNDIRealm"
connectionURL="LDAP://myldapmachine001.mytest.com/CN=mycn,OU=Groups,DC=mycompany,DC=com"
alternateURL="LDAP://myldapmachine002.mytest.com/CN=mycn,OU=Groups,DC=mycompany,DC=com"
/>
</Context>
--
Marc Farrow
Re: Realm Tag in webappnamecontext.xml
Posted by Marc Farrow <ma...@gmail.com>.
Thanks Mark. I did figure out my configuration problem!
On 6/2/06, Mark Thomas <ma...@apache.org> wrote:
>
> Marc Farrow wrote:
> > <auth-contraint/>
>
> And there is the problem. An empty <auth-constraint> allows
> unauthenticated access as per SRV.12.8.1
>
> An empty <auth-constraint> is not the same as an <auth-constraint>
> that specifies no roles and therefore denies access to all as per
> SRV.12.8.1.
>
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Marc Farrow
Re: Realm Tag in webappnamecontext.xml
Posted by Mark Thomas <ma...@apache.org>.
Marc Farrow wrote:
> <auth-contraint/>
And there is the problem. An empty <auth-constraint> allows
unauthenticated access as per SRV.12.8.1
An empty <auth-constraint> is not the same as an <auth-constraint>
that specifies no roles and therefore denies access to all as per
SRV.12.8.1.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm Tag in webappnamecontext.xml
Posted by Marc Farrow <ma...@gmail.com>.
Ok, I have read both the Tomcat's Realm How-to and also the Servlet Specs.
I have the following application context and web.xml files. When I go to
http://localhost:8080/mywebappcontext/index.jsp, then page pulls up and no
dialog box comes up asking the user for username/password. I know I am
missing something. I can only guess that the way I have it set up, that the
servlet container is validating against LDAP (anonymous access is turned
off) without any credentials being presented.
Are there any thoughts/leads?
Goal of security constraint:
More information on the LDAP setup in case that may be culprit. We created
a new group called TestGroup that is in the structure defined by the URL.
We want to check the memberOf attribute of this group to see if the username
the is a member of that group.
mywebappcontext.xml:
<Context path="/mywebappcontext">
<Realm name="testRealm"
className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://ldapmachine1/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"
alternateURL="ldaps://ldapmachine2/CN=TestGroup,OU=Groups,DC=mycompany,DC=net"
/>
</Context>
web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<servlet>
<servlet-name>Servlet</servlet-name>
<servlet-class>com.mycompany.MyServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Turnover Servlet</servlet-name>
<url-pattern>/servlet</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>5</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>
index.jsp
</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted web resources (all)</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-contraint/>
</security-constraint>
</web-app>
On 5/30/06, Mark Thomas <ma...@apache.org> wrote:
>
> Marc Farrow wrote:
> > I have a context with the following Realm tag. However, when I navigate
> to
> > the page, the page pulls up without any type of authentication. What am
> I
> > missing? I have read the "Realm Configuration HOW-TO" at apache.org.
>
> How you read chapter SRV.12 of the servlet spec? Specifically, what
> did you put in web.xml?
>
> Mark
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Marc Farrow
Re: Realm Tag in webappnamecontext.xml
Posted by Mark Thomas <ma...@apache.org>.
Marc Farrow wrote:
> I have a context with the following Realm tag. However, when I navigate to
> the page, the page pulls up without any type of authentication. What am I
> missing? I have read the "Realm Configuration HOW-TO" at apache.org.
How you read chapter SRV.12 of the servlet spec? Specifically, what
did you put in web.xml?
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org