You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Ivana <iv...@gmail.com> on 2010/11/15 13:33:47 UTC

Measure once, login twice?

I have a problem with authentication on tomcat. I use
RoleAuthorizationStrategy and formbased container managed authentication.
What happens is that tomcat always asks the user to authenticate twice. 

I have looked into it a little further and essentially the first login is
the wicket login and the second is when tomcat is happy the user has access.
Wicket ignores the second login.

Here is a snippet from my web.xml:
<security-constraint>
	<!-- give the world access to the stylesheets -->
 		<display-name>images and css</display-name>
 		<web-resource-collection>
 			<web-resource-name>images and css</web-resource-name>
 			<url-pattern>/css/*</url-pattern>
 			<url-pattern>/images/*</url-pattern>
 		</web-resource-collection>
 	</security-constraint>
 	<security-constraint>
	<!-- restrict access to the webapp -->
	 	<display-name>security constraint</display-name>
	 	<web-resource-collection>
	 		<web-resource-name>all resources</web-resource-name>
	 		<url-pattern>/*</url-pattern>
	 	</web-resource-collection>
	 	
	 	<auth-constraint>
	 		<description>Admins, users and internal users, see RTROLES</description>
	 		<!-- role name refers to group in ldap-->
	 		<role-name>ADMIN</role-name>
	 		<role-name>USER</role-name>
	 		<role-name>INTERNAL</role-name>
	 	</auth-constraint>
 	</security-constraint>
	
If i remove the security contstraint where i give the world access to the
css & images folders i do not only lose the formatting on the login-form but
also on the app. But only untill the user logs in the second time, when the
stylesheets become accesible.

I can use the credentials of any user for the second login, Wicket will
ignore them and i remain logged in as the original user. 

Am i missing something obvious?
-- 
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Measure-once-login-twice-tp3042978p3042978.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org