You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by rajaxn r <ra...@yahoo.com> on 2001/06/18 19:36:46 UTC
servlet authentication mechanism
Hi
I am configuring a web application to run with
servlet
authentication mechanism. The webapplication is to be
configured on
both tomcat 3.2
I created entries in web.xml like the below
/*********************************************
<web-app>
<display-name>Test1</display-name>
<servlet>
<icon></icon>
<servlet-name>TestServlet</servlet-name>
<display-name>testservetr</display-name>
<servlet-class>test.TestServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TestServlet</servlet-name>
<url-pattern>/test/TestServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>TestServlet</web-resource-name>
<description></description>
<url-pattern>/test/TestServlet</url-pattern>
<http-method>
GET</http-method>
<http-method>
POST</http-method>
</web-resource-collection>
<auth-constraint>
<description></description>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>
FORM
</auth-method>
<form-login-config>
<form-login-page>/loginpage.html</form-login-page>
<form-error-page>/errorpage.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description></description>
<role-name>manager</role-name>
</security-role>
</web-app>
I also included entries in the tomcat-users.xml like
/************************************
<tomcat-users>
<user name="tomcat" password="tomcat"
roles="tomcat,manager"/>
<user name="role1" password="tomcat" roles="role1"/>
<user name="both" password="tomcat"
roles="tomcat,role1"/>
<user name="user1" password="password1"
roles="manager" />
</tomcat-users>
The form test.html calls the servlet TestServlet which
is protected
by a form based servlet authentication which calls
loginpage.html. loginpage.html has a form with action
j_security_check and fields j_username & j_password
But loginpage.html doesnt accept any of the
user/password pairs above
in the tomcat users.xml file
Can someone also tell me how to do the above so that a
custom login
page can be called instead of the page with
"j_security_check"
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/