You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by rajaxn r <ra...@yahoo.com> on 2001/06/18 19:36:46 UTC

servlet authentication mechanism

Hi
  I am configuring a web application to run with
servlet 
authentication mechanism. The webapplication is to be
configured on 
both tomcat 3.2
I created entries in web.xml like the below
/*********************************************
<web-app>
	<display-name>Test1</display-name>
	<servlet>
		<icon></icon>
		<servlet-name>TestServlet</servlet-name>
		<display-name>testservetr</display-name>
		<servlet-class>test.TestServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>TestServlet</servlet-name>
		<url-pattern>/test/TestServlet</url-pattern>
	</servlet-mapping>
	<security-constraint>
		<web-resource-collection>
		<web-resource-name>TestServlet</web-resource-name>
			<description></description>
			<url-pattern>/test/TestServlet</url-pattern>
			<http-method>
			GET</http-method>
			<http-method>
			POST</http-method>
		</web-resource-collection>
		<auth-constraint>
			<description></description>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
 		<auth-method>
		  FORM 
		</auth-method>
 		<form-login-config>
		<form-login-page>/loginpage.html</form-login-page> 
	       
<form-error-page>/errorpage.html</form-error-page> 
  		</form-login-config>
  	</login-config>
	<security-role>
		<description></description>
		<role-name>manager</role-name>
	</security-role>
</web-app>


I also included entries in the tomcat-users.xml  like

/************************************
<tomcat-users>
  <user name="tomcat" password="tomcat"
roles="tomcat,manager"/>
  <user name="role1" password="tomcat" roles="role1"/>
  <user name="both" password="tomcat"
roles="tomcat,role1"/>
  <user name="user1" password="password1"
roles="manager" />
</tomcat-users>

The form test.html calls the servlet TestServlet which
is protected 
by a form based servlet authentication which calls
loginpage.html. loginpage.html has a form with action
j_security_check and fields j_username & j_password
But loginpage.html doesnt accept any of the
user/password pairs above 
in the tomcat users.xml file

Can someone also tell me how to do the above so that a
custom login 
page can be called instead of the page with
"j_security_check" 



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/