Posted to users@tomcat.apache.org by Adam Hardy <ah...@cyberspaceroad.com> on 2003/10/14 18:48:50 UTC

TC5 ssl form-based authentication & mozilla

I have set this up with the minimum configuration possible to try to 
find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
and the Tomcat realm - no SSO, no filters, no templates, no SSL-redirection.

With this security:

     <web-resource-collection>
       <web-resource-name>SSL 4 Login</web-resource-name>
       <url-pattern>/login.do</url-pattern>
     </web-resource-collection>
     <auth-constraint>
       <role-name>user</role-name>
       <role-name>admin</role-name>
     </auth-constraint>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>

when I try to log in to my login.do mapping, in Mozilla I get repeated 
login requests from Tomcat. The first time twice only, the 2nd time 5 
times, 3rd time 10 times, etc.

I can see from my logging that the realm login is successful, but Tomcat 
keeps giving the login page as stated.

This does not happen in IE6 or lynx, in which the login works as normal.

Has anybody else experienced this?

Thanks
Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
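
For context on the fragment in the message above: it sits inside a security-constraint element, and form-based login also needs a login-config and role declarations in the same web.xml. The descriptor below is an added example, not part of the original post or the poster's WAR. The Servlet 2.4 header, the realm name and the /login.jsp and /loginError.jsp paths are assumptions, and the Struts servlet and servlet-mapping entries are left out.

```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Added example: Servlet 2.4 descriptor (the level Tomcat 5.0 implements). -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- The fragment from the post, wrapped in its parent element. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL 4 Login</web-resource-name>
      <url-pattern>/login.do</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
      <role-name>admin</role-name>
    </auth-constraint>
    <!-- CONFIDENTIAL: a plain-HTTP request for /login.do is redirected
         to the connector's redirectPort (the SSL connector). -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: the container saves the original request in the session,
       shows the login page, and replays the request after a successful
       POST of j_username / j_password to j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Example Realm</realm-name>              <!-- assumed name -->
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>      <!-- assumed path -->
      <form-error-page>/loginError.jsp</form-error-page> <!-- assumed path -->
    </form-login-config>
  </login-config>

  <!-- Every role named in an auth-constraint is declared here. -->
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>
```

Because the saved request lives in the session, the login only completes if the browser returns the same session cookie on the j_security_check POST.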


Re: TC5 ssl form-based authentication & mozilla

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/15/2003 10:32 AM Remy Maucherat wrote:
>> With this security:
>>
>>     <web-resource-collection>
>>       <web-resource-name>SSL 4 Login</web-resource-name>
>>       <url-pattern>/login.do</url-pattern>
>>     </web-resource-collection>
>>     <auth-constraint>
>>       <role-name>user</role-name>
>>       <role-name>admin</role-name>
>>     </auth-constraint>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated 
>> login requests from tomcat. The first time twice only, the 2nd time 5 
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but 
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
> 
> 
> Did you get correctly switched to SSL mode ?
> 

Yes. I have reduced the webapp to a minimum and bundled it in a war at 
http://www.cyberspaceroad.com/test.war (right click it & "save target 
as...") if you want to see what I'm doing. It contains the struts.jar 
and is therefore 0.85MB. If you don't have broadband I can bundle it 
without the jars too.

Sometimes the ssl form-based authentication loops on the login page, and 
sometimes it gives the "invalid direct reference" error.

As mentioned above, the non-SSL normal form-based login works fine.

In IE6 it works fine too.

Rgds
Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9




Re: TC5 ssl form-based authentication & mozilla

Posted by Remy Maucherat <re...@jboss.org>.
Adam Hardy wrote:

> I have set this up with the minimum configuration possible to try to 
> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
> and the tomcat realm - no SSO, no filters, no templates, no 
> SSL-redirection.
> 
> With this security:
> 
>     <web-resource-collection>
>       <web-resource-name>SSL 4 Login</web-resource-name>
>       <url-pattern>/login.do</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>user</role-name>
>       <role-name>admin</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> 
> when I try to login to my login.do mapping, in mozilla I get repeated 
> login requests from tomcat. The first time twice only, the 2nd time 5 
> times, 3rd time 10 times etc etc.
> 
> I can see from my logging that the realm login is successful, but tomcat 
> keeps giving the login page as stated.
> 
> This does not happen in IE6 or lynx, in which the login works as normal.
> 
> Has anybody else experienced this?

Did you get correctly switched to SSL mode ?

-- 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Rémy Maucherat
Senior Developer & Consultant
JBoss Group (Europe) SàRL
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx




Re: TC5 & mozilla

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
On 10/15/2003 10:50 AM Adam Hardy wrote:
> Can anybody check out this issue for me quickly.
> 
> Tomcat5's form-based authentication does not work under SSL with a 
> Struts mapping, in Mozilla 1.5.
> 
> TC5 loops straight back to the login page again and again OR it gives me 
> an "invalid direct reference to j_security_check"
> 
> Without SSL it works fine.
> 
> Without a Struts mapping (i.e. straight to a JSP) it works fine.

I just built in a login to a JSP to prove this point but now I find that 
this doesn't work either. Strange since it did yesterday night. I've 
obviously got too many loose ends here. I guess this exonerates Struts.


> 
> Also in Internet Explorer it works fine.
> 
> I've bundled the necessary .jsp & .xml files in a war (including 
> struts.jar, so it's 0.85MB) so you can drop it in your webapps 
> directory. It uses the MemoryRealm with tomcat-users.xml, which should 
> be set up by default in your server.xml.
> 
> So basically login with tomcat/tomcat.
> 
> Here's the WAR:  http://www.cyberspaceroad.com/test.war
> 
> I'd right click it and select "save target as".
> 
> Thanks for the help. I haven't raised this with tomcat yet, I want to 
> make sure I'm not the only one first.
> 
> Adam
> 
> 
> On 10/14/2003 06:48 PM Adam Hardy wrote:
> 
>> I have set this up with the minimum configuration possible to try to 
>> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
>> and the tomcat realm - no SSO, no filters, no templates, no 
>> SSL-redirection.
>>
>> With this security:
>>
>>     <web-resource-collection>
>>       <web-resource-name>SSL 4 Login</web-resource-name>
>>       <url-pattern>/login.do</url-pattern>
>>     </web-resource-collection>
>>     <auth-constraint>
>>       <role-name>user</role-name>
>>       <role-name>admin</role-name>
>>     </auth-constraint>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated 
>> login requests from tomcat. The first time twice only, the 2nd time 5 
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but 
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
>>
>> Thanks
>> Adam
>>
> 
> 


-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Re: TC5 & mozilla

Posted by Adam Hardy <ah...@cyberspaceroad.com>.
Can anybody check out this issue for me quickly?

Tomcat5's form-based authentication does not work under SSL with a 
Struts mapping, in Mozilla 1.5.

TC5 loops straight back to the login page again and again OR it gives me 
an "invalid direct reference to j_security_check".

Without SSL it works fine.

Without a Struts mapping (i.e. straight to a JSP) it works fine.

Also in Internet Explorer it works fine.

I've bundled the necessary .jsp & .xml files in a war (including 
struts.jar, so it's 0.85MB) so you can drop it in your webapps 
directory. It uses the MemoryRealm with tomcat-users.xml, which should 
be set up by default in your server.xml.

So basically login with tomcat/tomcat.

Here's the WAR:  http://www.cyberspaceroad.com/test.war

I'd right click it and select "save target as".

Thanks for the help. I haven't raised this with tomcat yet, I want to 
make sure I'm not the only one first.

Adam


On 10/14/2003 06:48 PM Adam Hardy wrote:
> I have set this up with the minimum configuration possible to try to 
> find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, 
> and the tomcat realm - no SSO, no filters, no templates, no 
> SSL-redirection.
> 
> With this security:
> 
>     <web-resource-collection>
>       <web-resource-name>SSL 4 Login</web-resource-name>
>       <url-pattern>/login.do</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>user</role-name>
>       <role-name>admin</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> 
> when I try to login to my login.do mapping, in mozilla I get repeated 
> login requests from tomcat. The first time twice only, the 2nd time 5 
> times, 3rd time 10 times etc etc.
> 
> I can see from my logging that the realm login is successful, but tomcat 
> keeps giving the login page as stated.
> 
> This does not happen in IE6 or lynx, in which the login works as normal.
> 
> Has anybody else experienced this?
> 
> Thanks
> Adam
> 


-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

