You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Debra Bartling <de...@berkeley.edu> on 2006/05/04 02:14:15 UTC

Tomcat 5.5.17 FORM authentication problem

I'm having problems with FORM authentication with Tomcat 5.5.17. 
BASIC authentication works OK. (This is a follow up to a question I 
posted in March related to PDFs and form authentication and 
mod_proxy_ajp -- similar problem, simpler configuration.)

I'm trying to use the container managed security to protect an entire 
webapp: <url-pattern>/*</url-pattern>. Contents: PDF files and images 
(no servlets).

With BASIC authentication:

Mozilla Firefox: Works as expected
1. Request testfile.jpg: Login dialog appears.
2. Submit: Image appears.
3. Save as ... Image is saved as a jpg.

Internet Explorer: Works as expected but images can only be saved as bitmap.
1. Request testfile.jpg: Login dialog appears.
2. Submit: Image appears.
3. Save as ... wants to save untitled.bmp (no selection for jpg).
4. After logging in, all images save as bitmap (no selection for jpg).

With BASIC authentication if I add:
     <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
         disableProxyCaching="false" />

Mozilla Firefox: Works as expected
Internet Explorer: Works as expected (Image is saved as a jpg.)

With FORM authentication:

Mozilla Firefox: Works as expected except "Save as ..."
1. Request testfile.jpg: Login form appears.
2. Submit: Image appears.
3. Save as ... wants to save j_security_check.htm.
4. After logging in, a second image loads and saves correctly.

Internet Explorer: Works as expected but images can only be saved as bitmap.
1. Request testfile.jpg: Login form appears.
2. Submit: Image appears.
3. Save as ... wants to save untitled.bmp.
4. After logging in, all images save as bitmap.

With FORM authentication if I add:
     <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
         disableProxyCaching="false" />

Mozilla Firefox: Login does not redirect correctly!
1. Request testfile.jpg: Login form appears.
2. Submit: Login form appears again!
3. Refresh (!!!): Image appears.
3. Save as ... Image is saved as jpg.
4. After logging in, a second image loads and saves correctly.

Internet Explorer: Works as expected but the first image can only be 
saved as a bitmap.
1. Request testfile.jpg: Login form appears.
2. Submit: Image appears.
3. Save as ... Image is saved as untitled.bmp.
4. After logging in, a second image loads and saves correctly.

Test environment: Solaris 8. Java 1.4.2_03. Tomcat 5.5.17 with 
compatibility package, binary installation, running stand-alone on 
port 80, no APR. Minimal changes to the default configuration except 
to enable authentication and add my test webapp. Browsers are Mozilla 
Firefox 1.5.0.x and Internet Explorer (6 and 7) on Windows XP.

Am I missing something simple or is this a bug?

Debra Bartling
Earthquake Engineering Research Center
University of California, Berkeley


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org