Posted to users@tomcat.apache.org by "Madere, Colin" <co...@ieminc.com> on 2003/01/29 00:13:40 UTC
form-based login and login form locations
So I have a site that I want the entire thing secured via form-based login. IOW, any content static or not should be secured. I set up the config below as it was the only thing I could make work. However, if I hit the app within the site, it doesn't ask for a login. When I add the auth config stuff to the web.xml for the app, it requires a form be in the app's directory (so now I have 2 login forms and fail pages and if it includes a header and footer those also have to be duplicated to every app that requires login).

This is a mess. How can I secure a whole site with a single form, static and dynamic content alike?

I have a web.xml with auth info in "/www/public/WEB-INF" and a login.html in "/www/public" which works.

I have the same auth setup in an app's dir "/www/public/webapps/CalApp/WEB-INF" with the same login.html in ".../CalApp".

How do I do it all with one config and login/login_fail pages?

relevant content from server.xml:
<!-- Site 1 (default) (Public) -->
<Host name="192.168.16.208" debug="0" appBase="/www/public/webapps"
      unpackWARs="true" autoDeploy="true">
  <Valve className="org.apache.catalina.authenticator.SingleSignOn"
         debug="0"/>
  <DefaultContext>
    <!-- set up virtual host variable for multi-site apps -->
    <Parameter name="siteRole" value="public"/>
    <!-- set up web app DB connection info in each host for flexibility -->
    <Parameter name="DB_Driver" value="org.postgresql.Driver" />
    <Parameter name="DB_URL"
               value="jdbc:postgresql://localhost/WebApps" />
    <Parameter name="DB_User" value="postgres" />
    <Parameter name="DB_Pass" value="postgres" />
  </DefaultContext>
  <!-- set up document context since app-base of host is abnormal -->
  <Context path="" docBase="/www/public"/>
</Host>

from web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Site</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.shtml</form-login-page>
      <form-error-page>/login_fail.shtml</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
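
Added example, not part of the original post: each context under a Host (the root context and every app under appBase) reads its own web.xml, so a coverage check has to be run per descriptor. The sketch below audits one descriptor for a whole-context constraint, a restrictive http-method list, a missing transport guarantee and a missing login-config. The function name `audit_web_xml`, the finding labels and both sample descriptors are constructed for illustration, and it assumes non-namespaced DTD-style descriptors like the posted one.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the post): a root descriptor shaped like the posted
# one, and a hypothetical app descriptor that carries no security settings at all.
ROOT_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
APP_WEB_XML = "<web-app><welcome-file-list/></web-app>"

def audit_web_xml(text):
    """Return sorted finding labels for one non-namespaced (DTD-style) web.xml."""
    root = ET.fromstring(text)
    findings, whole_context = set(), False
    for sc in root.iter("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # without auth-constraint the container never asks for a login
        for wrc in sc.iter("web-resource-collection"):
            patterns = [(p.text or "").strip() for p in wrc.iter("url-pattern")]
            if "/*" not in patterns:
                continue
            whole_context = True
            if wrc.find("http-method") is not None:
                # a method list limits the constraint to those methods only
                findings.add("method-list")
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE")
        if guarantee.strip() == "NONE":
            findings.add("no-transport-guarantee")  # login may travel in cleartext
    if not whole_context:
        findings.add("no-whole-context-constraint")
    if root.findtext("login-config/auth-method") is None:
        findings.add("no-login-config")
    return sorted(findings)

if __name__ == "__main__":
    for name, doc in (("root context", ROOT_WEB_XML), ("app context", APP_WEB_XML)):
        print(name, audit_web_xml(doc))
```
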