You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jess <jr...@ece.unm.edu> on 2005/11/15 21:49:32 UTC

Using Authentication/Authorization

Hiya,

I am using Tomcat and Apache to host a simple website.  I need to  
have some security on the site.  At least to start with.  Eventually  
I need to have security, period.  :)  So, following the documentation  
and several walk-thrus from many sources, I cannot get tomcat to  
cooperate.  I am running Mac OS X 10.4.3 and am using Java 1.5.0,  
apache 1.3, and tomcat 5.5.12 and am connecting apache and tomcat  
with the ajp13 connector (using mod_jk version 1.2.14).  At this  
point, I'm think I'm bypassing Apache/JKconnectors and going straight  
to the webapp via port 8080...

When I set up the web.xml file for using, say, basic security, and  
then attempt to access the constrained resources, tomcat gives me the  
error that the requested resource is not availabe.  When I remove all  
attempts (in the web.xml file) at security, I can access the resource  
just fine.  I tried using the UserDatabase realm and also the  
MemoryRealm, but to no avail either way.

Next, when I go to the default tomcat page, http://localhost:8080,  
and try to go to the Administrator section, it asks for my login and  
password.  (I've configured the tomcat-users.xml file to add an admin  
and manager role to one of the users and restarted the server.)  But  
when I attempt to log in, I get the error: "The requested resource (/ 
admin/j_security_check) is not available."  I know j_security_check  
is the action you enter for a form authentication, but this is what  
came with tomcat.. nothing of my creation, so I don't think I'm the  
problem.  This link worked on my tomcat version 5.0.  I upgraded  
today and now it doesn't work... so now seeings how I can't seem to  
get security running on my webapp and I can't log in to the  
administration section of the server, I'm wondering if there is some  
funk going on out of my scope.  I downloaded the binaries for mac..  
maybe something is wrong?  If anyone has any idea, please let me  
know.. I am at a total loss.

Thankyou,
Jess Ryan


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Using Authentication/Authorization

Posted by Jeremy Crosbie <je...@crosbie.us>.

I followed what Slide did when writing my module:
http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/jaas/org/apache/slide/ja
as/spi/SlideLoginModule.java?rev=1.2&view=markup



On 11/17/05 3:29 AM, "Markus Plail" <pl...@web.de> wrote:

> Hi Jeremy!
> 
> Jeremy Crosbie <je...@crosbie.us> writes:
>> Can you supply the relevant sections of your web.xml? I am using
>> FORM-based authentication--tested with both the Memory and JAAS
>> realms--but maybe this will give you some hints:
> 
> Do you successfully use JAAS realm based authentication in Tomcat
> version > 5.5.9? If yes, could you show me the commit method of your
> login module?
> 
> regards
> Markus
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Using Authentication/Authorization

Posted by Markus Plail <pl...@web.de>.

Hi Jeremy!

Jeremy Crosbie <je...@crosbie.us> writes:
> Can you supply the relevant sections of your web.xml? I am using
> FORM-based authentication--tested with both the Memory and JAAS
> realms--but maybe this will give you some hints:

Do you successfully use JAAS realm based authentication in Tomcat
version > 5.5.9? If yes, could you show me the commit method of your
login module?

regards
Markus


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Using Authentication/Authorization

Posted by Jeremy Crosbie <je...@crosbie.us>.

Can you supply the relevant sections of your web.xml? I am using FORM-based
authentication--tested with both the Memory and JAAS realms--but maybe this
will give you some hints:

...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>home page</web-resource-name>
    <url-pattern>/index.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-login-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>myrole</role-name>
</security-role>
...


On 11/15/05 1:49 PM, "Jess" <jr...@ece.unm.edu> wrote:

> Hiya,
> 
> I am using Tomcat and Apache to host a simple website.  I need to
> have some security on the site.  At least to start with.  Eventually
> I need to have security, period.  :)  So, following the documentation
> and several walk-thrus from many sources, I cannot get tomcat to
> cooperate.  I am running Mac OS X 10.4.3 and am using Java 1.5.0,
> apache 1.3, and tomcat 5.5.12 and am connecting apache and tomcat
> with the ajp13 connector (using mod_jk version 1.2.14).  At this
> point, I'm think I'm bypassing Apache/JKconnectors and going straight
> to the webapp via port 8080...
> 
> When I set up the web.xml file for using, say, basic security, and
> then attempt to access the constrained resources, tomcat gives me the
> error that the requested resource is not availabe.  When I remove all
> attempts (in the web.xml file) at security, I can access the resource
> just fine.  I tried using the UserDatabase realm and also the
> MemoryRealm, but to no avail either way.
> 
> Next, when I go to the default tomcat page, http://localhost:8080,
> and try to go to the Administrator section, it asks for my login and
> password.  (I've configured the tomcat-users.xml file to add an admin
> and manager role to one of the users and restarted the server.)  But
> when I attempt to log in, I get the error: "The requested resource (/
> admin/j_security_check) is not available."  I know j_security_check
> is the action you enter for a form authentication, but this is what
> came with tomcat.. nothing of my creation, so I don't think I'm the
> problem.  This link worked on my tomcat version 5.0.  I upgraded
> today and now it doesn't work... so now seeings how I can't seem to
> get security running on my webapp and I can't log in to the
> administration section of the server, I'm wondering if there is some
> funk going on out of my scope.  I downloaded the binaries for mac..
> maybe something is wrong?  If anyone has any idea, please let me
> know.. I am at a total loss.
> 
> Thankyou,
> Jess Ryan
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org