You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Scott <ha...@gmail.com> on 2009/02/05 03:21:25 UTC
Realm Issue
Hello,
I am having an issue setting up a FORM realm in Tomcat 5.5.27. It does not
seem to be blocking access to protected resources for some reason, and I
cannot figure out why. If I access index.jsp, which is supposed to be
protected, the server just sends me to the index.jsp page. It does this for
every other page as well. It does not prompt me to login first, or block
access to protected resources.
I disabled the memory realm as well as created the correct db tables. The
issue has something to do with the Realm not being activated. I undeployed,
redeployed and rebuilt the app several times, and it still does not work.
It's strange because the app starts fine and I don't get any errors. The
realm just doesn't protect anything. Please give me some ideas or
something, on how to resolve this issue.
Thanks.
Here is my app info:
-------------------------------------- web.xml
-------------------------------------------------
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/MyApp/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyApp REALM</realm-name>
<form-login-config>
<form-login-page>/MyApp/login.jsp</form-login-page>
<form-error-page>/MyApp/error.jsp</form-error-page>
</form-login-config>
</login-config>
-------------------------------------------------------- login.jsp
-------------------------------------------------
<form action=<%= response.encodeURL("j_security_check") %> method="get">
<fieldset>
<legend>User Login</legend>
<p><label>Username: </label><input type="text"
name="j_username"/></p>
<p><label>Password: </label><input type="password"
name="j_password"/></p>
<p class="submit"><input type="submit" value="Login"/></p>
</fieldset>
</form>
------------------------------------------------------------ server.xml
------------------------------------------------------------
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.gjt.mm.mysql.Driver"
connectionURL="jdbc:mysql://localhost/test_db"
connectionName="tester" connectionPassword="test"
userTable="users" userNameCol="user_name"
userCredCol="user_password"
userRoleTable="user_roles" roleNameCol="role_name" />
--
Scott
www.HikeHaven.com
Never under estimate the wisdom of nature!!!
Re: Realm Issue
Posted by André Warnier <aw...@ice-sa.com>.
Scott wrote:
> I figured it out. The style sheet just has to be in a directory that isn't
> locked down.
>
It's a common occurrence with authentication via login pages : the
initial access triggers a redirect to a login page, which itself
contains items to be retrieved from a protected area, which requests
thus trigger re-directs to the login page etc..
It's a lot of fun with frames and iframes and such..
Motto : keep the login page simple.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Realm Issue
Posted by Scott <ha...@gmail.com>.
I figured it out. The style sheet just has to be in a directory that isn't
locked down.
On Thu, Feb 5, 2009 at 5:57 PM, Scott <ha...@gmail.com> wrote:
> Thanks, that seems to have fixed the immediate issue. However, when I put
> the following in my login.jsp <head>, tomcat forwards me directly to the
> contents of the css file for some reason.
>
> <LINK REL=StyleSheet HREF="/MyApp/css/bbs.css" TYPE="text/css">
>
> In addition, the styles no longer format the login.jsp.
>
> Any idea what would cause this? Thanks.
>
>
> On Wed, Feb 4, 2009 at 11:45 PM, Caldarale, Charles R <
> Chuck.Caldarale@unisys.com> wrote:
>
>> > From: Scott [mailto:hacktorious@gmail.com]
>> > Subject: Realm Issue
>> >
>> > Here is my app info:
>>
>> Where is your webapp deployed? Where is the <Context> element for the
>> webapp (if it has one)? What's in its <Context> element (if it has one)?
>>
>> > <url-pattern>/MyApp/*</url-pattern>
>>
>> The <url-pattern> is relative to the webapp, not the host. You likely
>> just want /* here.
>>
>> > <form-login-page>/MyApp/login.jsp</form-login-page>
>> > <form-error-page>/MyApp/error.jsp</form-error-page>
>>
>> Same comment as above.
>>
>> You also need a <security-role> element.
>>
>> > server.xml
>>
>> Be aware that by placing the <Realm> in server.xml (where exactly?), it
>> will likely be used for *all* webapps, including the Tomcat manager. If you
>> only want the <Realm> to control a particular webapp, place the <Realm>
>> inside that webapp's <Context> element.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you received
>> this in error, please contact the sender and delete the e-mail and its
>> attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> --
> Scott
> www.HikeHaven.com
> Never under estimate the wisdom of nature!!!
>
>
>
--
Scott
www.HikeHaven.com
Never under estimate the wisdom of nature!!!
Re: Realm Issue
Posted by Scott <ha...@gmail.com>.
Thanks, that seems to have fixed the immediate issue. However, when I put
the following in my login.jsp <head>, tomcat forwards me directly to the
contents of the css file for some reason.
<LINK REL=StyleSheet HREF="/MyApp/css/bbs.css" TYPE="text/css">
In addition, the styles no longer format the login.jsp.
Any idea what would cause this? Thanks.
On Wed, Feb 4, 2009 at 11:45 PM, Caldarale, Charles R <
Chuck.Caldarale@unisys.com> wrote:
> > From: Scott [mailto:hacktorious@gmail.com]
> > Subject: Realm Issue
> >
> > Here is my app info:
>
> Where is your webapp deployed? Where is the <Context> element for the
> webapp (if it has one)? What's in its <Context> element (if it has one)?
>
> > <url-pattern>/MyApp/*</url-pattern>
>
> The <url-pattern> is relative to the webapp, not the host. You likely just
> want /* here.
>
> > <form-login-page>/MyApp/login.jsp</form-login-page>
> > <form-error-page>/MyApp/error.jsp</form-error-page>
>
> Same comment as above.
>
> You also need a <security-role> element.
>
> > server.xml
>
> Be aware that by placing the <Realm> in server.xml (where exactly?), it
> will likely be used for *all* webapps, including the Tomcat manager. If you
> only want the <Realm> to control a particular webapp, place the <Realm>
> inside that webapp's <Context> element.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
Scott
www.HikeHaven.com
Never under estimate the wisdom of nature!!!
RE: Realm Issue
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Scott [mailto:hacktorious@gmail.com]
> Subject: Realm Issue
>
> Here is my app info:
Where is your webapp deployed? Where is the <Context> element for the webapp (if it has one)? What's in its <Context> element (if it has one)?
> <url-pattern>/MyApp/*</url-pattern>
The <url-pattern> is relative to the webapp, not the host. You likely just want /* here.
> <form-login-page>/MyApp/login.jsp</form-login-page>
> <form-error-page>/MyApp/error.jsp</form-error-page>
Same comment as above.
You also need a <security-role> element.
> server.xml
Be aware that by placing the <Realm> in server.xml (where exactly?), it will likely be used for *all* webapps, including the Tomcat manager. If you only want the <Realm> to control a particular webapp, place the <Realm> inside that webapp's <Context> element.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org