You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Venkat & Radha Venkataramanan <Ve...@warpdriveonline.com> on 2005/01/19 06:06:20 UTC
Form-based security
Hello:
I just wrote my first form-based security control. It works fine if I sign
with a user id that plays the permitted role.
But when I enter a user id that does not play the permitted role, instead of
getting my customized error page, autherr.html, I get a generic 403 error.
Can somebody tell me what I am doing wrong?
Thanks.
Venkat
Web.xml section:
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFirst</web-resource-name>
<description> accessible by authenticated users of the
tomcat role</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>These roles are allowed access</description>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyFirst Protected Area</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/autherr.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Only 'tomcat' role is allowed to access this web
application</description>
<role-name>tomcat</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: Form-based security
Posted by Venkat & Radha Venkataramanan <Ve...@WarpDriveonline.com>.
Omar!
Aha! Even the autherr.html page seems to be protected by the form-based
security. When I try to open autherr.html by the url,
http://127.0.0.1:8080/MyFirst/autherr.html, I get the login page!
How would I unprotect it?
Thanks.
-----Original Message-----
From: Omar Adobati [mailto:omar.adobati@gmail.com]
Sent: Wednesday, January 19, 2005 3:31 AM
To: Tomcat Users List
Subject: Re: Form-based security
what happen if you load tour error page using the address bar? can you
see it? Isn't a path matter?
regards,
Omar
On Wed, 19 Jan 2005 00:06:20 -0500, Venkat & Radha Venkataramanan
<Ve...@warpdriveonline.com> wrote:
> Hello:
>
> I just wrote my first form-based security control. It works fine if I sign
> with a user id that plays the permitted role.
>
> But when I enter a user id that does not play the permitted role, instead
of
> getting my customized error page, autherr.html, I get a generic 403 error.
>
> Can somebody tell me what I am doing wrong?
>
> Thanks.
>
> Venkat
>
> Web.xml section:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>MyFirst</web-resource-name>
> <description> accessible by authenticated users of the
> tomcat role</description>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description>These roles are allowed access</description>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>MyFirst Protected Area</realm-name>
> <form-login-config>
> <form-login-page>/login.html</form-login-page>
> <form-error-page>/autherr.html</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <description>Only 'tomcat' role is allowed to access this web
> application</description>
> <role-name>tomcat</role-name>
> </security-role>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Adobati Omar
omar.adobati@gmail.it
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Form-based security
Posted by Omar Adobati <om...@gmail.com>.
what happen if you load tour error page using the address bar? can you
see it? Isn't a path matter?
regards,
Omar
On Wed, 19 Jan 2005 00:06:20 -0500, Venkat & Radha Venkataramanan
<Ve...@warpdriveonline.com> wrote:
> Hello:
>
> I just wrote my first form-based security control. It works fine if I sign
> with a user id that plays the permitted role.
>
> But when I enter a user id that does not play the permitted role, instead of
> getting my customized error page, autherr.html, I get a generic 403 error.
>
> Can somebody tell me what I am doing wrong?
>
> Thanks.
>
> Venkat
>
> Web.xml section:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>MyFirst</web-resource-name>
> <description> accessible by authenticated users of the
> tomcat role</description>
> <url-pattern>/*</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> <http-method>DELETE</http-method>
> </web-resource-collection>
> <auth-constraint>
> <description>These roles are allowed access</description>
> <role-name>tomcat</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>MyFirst Protected Area</realm-name>
> <form-login-config>
> <form-login-page>/login.html</form-login-page>
> <form-error-page>/autherr.html</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <description>Only 'tomcat' role is allowed to access this web
> application</description>
> <role-name>tomcat</role-name>
> </security-role>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
--
Adobati Omar
omar.adobati@gmail.it
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org