You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Nathan McMinn <nm...@charter.net> on 2003/01/06 15:45:50 UTC
Double Login?
I recently switched a web application from a memory realm to a JDBC realm
for authentication. After making the switch, the web app now requires that
users log in twice. The app is running with SSL, and using Basic
authentication. The Login.jsp page listed in the XML below as the welcome
file simply sets up session objects, etc. The first login occurs before the
Login.jsp page will load. Once all of the session setup is complete, the
Login.jsp page forwards the user to the application's main menu. It is at
this point that the system asks for another login. Has anyone seen this
behavior before? I've already searched Google, JGuru, etc etc. This is the
current web.xml for the application having the problem. Any help would be
greatly appreciated.
Thanks..
Nathan McMinn
<web-app>
<mime-mapping>
<extension>js</extension>
<mime-type>text/javascript</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>Login.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>WWEX Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>DELETED</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>DELETED</realm-name>
</login-config>
</web-app>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>