You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Barbara Newton <ba...@gmail.com> on 2013/04/18 19:55:51 UTC
Form Authentication
This is driving me crazy! I have configured from authentication in my
web.xml with a number of security constraints. None of the constraints map
to any CSS files. However, when I bring up the application the CSS files
are hitting the authentication. Since my form has styling this is a
problem of the chicken-and-egg sort since the CSS files are not
authenticated yet.
On top of that, when I do successfully authenticate, the CSS file is the
one that has been saved by the authenticator and is the one that is
returned so the browser just brings up the raw CSS file.
Any thoughts? Ideas?
=========================================================
The major difference between a thing that might go wrong and a thing that
cannot possibly go wrong is that when a thing that cannot possibly go wrong
goes wrong it usually turns out to be impossible to get at or repair
---* Douglas Adams*
Re: Form Authentication
Posted by Barbara Newton <ba...@gmail.com>.
Thank you for your reply. I figured it out...someone had put a security
constrain on "/" which meant everything ended up passing through the form
authenticator. Once I removed the constraint everything started working.
So yay for me.
=========================================================
The major difference between a thing that might go wrong and a thing that
cannot possibly go wrong is that when a thing that cannot possibly go wrong
goes wrong it usually turns out to be impossible to get at or repair
---* Douglas Adams*
On Thu, Apr 18, 2013 at 11:16 AM, Cédric Couralet <cedric.couralet@gmail.com
> wrote:
> Hello,
>
> Without knowing how are your security-constraint, and where are the
> css file, I don't think anyone could help you.
>
> Did you try as a last measure to force css file to pass through the
> authentification, something as :
> <security-constraint>
>
> <web-resource-collection><url-pattern>*.css</url-pattern></web-resource-collection>
> </security-constraint>
>
> (probably not a valid security-constraint, just to give the idea)
>
> I did this kind of thing for the favicon. We had a webapp entirely
> protected by form authentication and on firefox after authentication
> we were directed to the favicon.ico (when one existed). Firefox seems
> to get the favicon after the first request even when the status is
> 401... So we had to add a special security-constraint for the favicon
> for our application to work correctly and correct that firefox
> behavior (I want to say bug, but I'm sure there is a very good
> explanation for this :).
>
>
>
> 2013/4/18 Barbara Newton <ba...@gmail.com>:
> > This is driving me crazy! I have configured from authentication in my
> > web.xml with a number of security constraints. None of the constraints
> map
> > to any CSS files. However, when I bring up the application the CSS files
> > are hitting the authentication. Since my form has styling this is a
> > problem of the chicken-and-egg sort since the CSS files are not
> > authenticated yet.
> >
> > On top of that, when I do successfully authenticate, the CSS file is the
> > one that has been saved by the authenticator and is the one that is
> > returned so the browser just brings up the raw CSS file.
> >
> > Any thoughts? Ideas?
> >
> > =========================================================
> > The major difference between a thing that might go wrong and a thing that
> > cannot possibly go wrong is that when a thing that cannot possibly go
> wrong
> > goes wrong it usually turns out to be impossible to get at or repair
> > ---* Douglas Adams*
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Form Authentication
Posted by Cédric Couralet <ce...@gmail.com>.
Hello,
Without knowing how are your security-constraint, and where are the
css file, I don't think anyone could help you.
Did you try as a last measure to force css file to pass through the
authentification, something as :
<security-constraint>
<web-resource-collection><url-pattern>*.css</url-pattern></web-resource-collection>
</security-constraint>
(probably not a valid security-constraint, just to give the idea)
I did this kind of thing for the favicon. We had a webapp entirely
protected by form authentication and on firefox after authentication
we were directed to the favicon.ico (when one existed). Firefox seems
to get the favicon after the first request even when the status is
401... So we had to add a special security-constraint for the favicon
for our application to work correctly and correct that firefox
behavior (I want to say bug, but I'm sure there is a very good
explanation for this :).
2013/4/18 Barbara Newton <ba...@gmail.com>:
> This is driving me crazy! I have configured from authentication in my
> web.xml with a number of security constraints. None of the constraints map
> to any CSS files. However, when I bring up the application the CSS files
> are hitting the authentication. Since my form has styling this is a
> problem of the chicken-and-egg sort since the CSS files are not
> authenticated yet.
>
> On top of that, when I do successfully authenticate, the CSS file is the
> one that has been saved by the authenticator and is the one that is
> returned so the browser just brings up the raw CSS file.
>
> Any thoughts? Ideas?
>
> =========================================================
> The major difference between a thing that might go wrong and a thing that
> cannot possibly go wrong is that when a thing that cannot possibly go wrong
> goes wrong it usually turns out to be impossible to get at or repair
> ---* Douglas Adams*
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org