authorization using tomcat...
I am testing web resource form-based authentication. I have created a dummy jsp page Details.jsp and have created the following nodes in web.xml: security-constraint web-resource-collection web-resource-nameSecurePages/web-resource-name url-patternDetails.jsp/url-pattern /web-resource-collection auth-constraint role-nameEditUsers/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role descriptionUsers who can edit/description role-nameEditUsers/role-name /security-role I have created a EditUsers role in tomcat-users.xml. But when I access Details.jsp, I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine. Any ideas ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
Hi Padu, It looks like you have this set up OK. Do you have a memory realm set up in conf/web.xml as is required for this setup? Also, since your transport guarantee is set up as confidential it is going to use SSL so you either have to use an HTTPS:// url or you have to have redirection turned on in port 80 (or whatever your HTTP port is) in conf/web.xml. If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS port) in the url too. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 10:19 AM Subject: authorization using tomcat... I am testing web resource form-based authentication. I have created a dummy jsp page Details.jsp and have created the following nodes in web.xml: security-constraint web-resource-collection web-resource-nameSecurePages/web-resource-name url-patternDetails.jsp/url-pattern /web-resource-collection auth-constraint role-nameEditUsers/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role descriptionUsers who can edit/description role-nameEditUsers/role-name /security-role I have created a EditUsers role in tomcat-users.xml. But when I access Details.jsp, I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine. Any ideas ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
On Wed, 2 Oct 2002, Padhu Vinirs wrote: url-patternDetails.jsp/url-pattern URL patterns need to start with a / character. Change this to: url-pattern/Details.jsp/url-pattern and you will have much better luck. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
I did make that change and uncommented the MemoryRealm in servers.xml, restarted the server. Now I dont see any error in the logs files, but I get a error The server encountered an internal error (/ExamBuilder/Details.jsp) that prevented it from fulfilling this request. My servers.xml entry is: Realm className=org.apache.catalina.realm.MemoryRealm / Any ideas ? Thanks -- padhu Craig R. McClanahan wrote: On Wed, 2 Oct 2002, Padhu Vinirs wrote: url-patternDetails.jsp/url-pattern URL patterns need to start with a / character. Change this to: url-pattern/Details.jsp/url-pattern and you will have much better luck. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
When I commented out the data constraint CONFIDENTIAL the code worked. Thanks everybody, -- padhu Craig R. McClanahan wrote: On Wed, 2 Oct 2002, Padhu Vinirs wrote: url-patternDetails.jsp/url-pattern URL patterns need to start with a / character. Change this to: url-pattern/Details.jsp/url-pattern and you will have much better luck. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
Now I am able to access the secure page through the login page. But even if I close the browser ( whcih i assume will close the session ), and restart it, I am able to access the secure page without going through the login page. Is there a place where I need to say that the login info should not be a permanent cookie but only session scope ??? Thanks -- padhu Rick Fincher wrote: Hi Padu, It looks like you have this set up OK. Do you have a memory realm set up in conf/web.xml as is required for this setup? Also, since your transport guarantee is set up as confidential it is going to use SSL so you either have to use an HTTPS:// url or you have to have redirection turned on in port 80 (or whatever your HTTP port is) in conf/web.xml. If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS port) in the url too. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 10:19 AM Subject: authorization using tomcat... I am testing web resource form-based authentication. I have created a dummy jsp page Details.jsp and have created the following nodes in web.xml: security-constraint web-resource-collection web-resource-nameSecurePages/web-resource-name url-patternDetails.jsp/url-pattern /web-resource-collection auth-constraint role-nameEditUsers/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role descriptionUsers who can edit/description role-nameEditUsers/role-name /security-role I have created a EditUsers role in tomcat-users.xml. But when I access Details.jsp, I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine. Any ideas ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
Sounds like you are close now. It is working but it is rejecting your username, password or role. The name and role in WEB-INF/web.xml have to match the name and role in conf/tomcat-users.xml. The password is verified at login and must match the password in conf/tomcat-users.xml. You can add a debug statement to the realm configuration in conf/server.xml to give you some debug output on this to help narrow down the problem, but I think it is a mis-match in the password-username-role somewhere. See Realm How-To memory realm in the docs for details. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 1:58 PM Subject: Re: authorization using tomcat... I did make that change and uncommented the MemoryRealm in servers.xml, restarted the server. Now I dont see any error in the logs files, but I get a error The server encountered an internal error (/ExamBuilder/Details.jsp) that prevented it from fulfilling this request. My servers.xml entry is: Realm className=org.apache.catalina.realm.MemoryRealm / Any ideas ? Thanks -- padhu Craig R. McClanahan wrote: On Wed, 2 Oct 2002, Padhu Vinirs wrote: url-patternDetails.jsp/url-pattern URL patterns need to start with a / character. Change this to: url-pattern/Details.jsp/url-pattern and you will have much better luck. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
Ah Ha. That means you didn't have HTTPS set up properly in the Connector for SSL Coyote HTTP 1.1, in the conf/server.xml file. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 2:07 PM Subject: Re: authorization using tomcat... When I commented out the data constraint CONFIDENTIAL the code worked. Thanks everybody, -- padhu Craig R. McClanahan wrote: On Wed, 2 Oct 2002, Padhu Vinirs wrote: url-patternDetails.jsp/url-pattern URL patterns need to start with a / character. Change this to: url-pattern/Details.jsp/url-pattern and you will have much better luck. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
You have to call the invalidate method on the session. You can also use setMaxInactiveInterval(int seconds) to kill the session after an inactive period. I think the default in Tomcat is 30 minutes. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 2:19 PM Subject: Re: authorization using tomcat... Now I am able to access the secure page through the login page. But even if I close the browser ( whcih i assume will close the session ), and restart it, I am able to access the secure page without going through the login page. Is there a place where I need to say that the login info should not be a permanent cookie but only session scope ??? Thanks -- padhu Rick Fincher wrote: Hi Padu, It looks like you have this set up OK. Do you have a memory realm set up in conf/web.xml as is required for this setup? Also, since your transport guarantee is set up as confidential it is going to use SSL so you either have to use an HTTPS:// url or you have to have redirection turned on in port 80 (or whatever your HTTP port is) in conf/web.xml. If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS port) in the url too. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 10:19 AM Subject: authorization using tomcat... I am testing web resource form-based authentication. I have created a dummy jsp page Details.jsp and have created the following nodes in web.xml: security-constraint web-resource-collection web-resource-nameSecurePages/web-resource-name url-patternDetails.jsp/url-pattern /web-resource-collection auth-constraint role-nameEditUsers/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role descriptionUsers who can edit/description role-nameEditUsers/role-name /security-role I have created a EditUsers role in tomcat-users.xml. But when I access Details.jsp, I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine. Any ideas ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: authorization using tomcat...
hi , I am trying to use the JDBC authentication using Informix database on Debain Tomcat 4.1. The snippet of the server.xml : !-- Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ -- Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.informix.jdbc.IfxDriver connectionURL=jdbc:informix-sqli;user=kjmi;password=tomcat userTable=atroxlogin userNameCol=username userCredCol=password userRoleTable=user_roles roleNameCol=role_name / execution - 1. tomcat process started 2. tried to access the page login.jsp. It throws an expection connection refused. 3. When tomcat process is stopped. schroeder:/etc/init.d# tomcat4 stop Using CATALINA_BASE: /usr/share/tomcat4 Using CATALINA_HOME: /usr/share/tomcat4 Using CATALINA_TMPDIR: /usr/share/tomcat4/temp Using JAVA_HOME: /usr/lib/j2sdk1.3 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:320) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:133) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:120) at java.net.Socket.init(Socket.java:273) at java.net.Socket.init(Socket.java:100) at org.apache.catalina.startup.Catalina.stop(Catalina.java:579) at org.apache.catalina.startup.Catalina.execute(Catalina.java:402) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) I went the documentation of Tomcat explaining the JDBCRealm - how to. But , if you can explain me the steps to go through I would greatly appreciate. Thanks, Mubaraka Arif DataManagement Software Developer St Mary's University On 2002.10.02 13:19 Padhu Vinirs wrote: Now I am able to access the secure page through the login page. But even if I close the browser ( whcih i assume will close the session ), and restart it, I am able to access the secure page without going through the login page. Is there a place where I need to say that the login info should not be a permanent cookie but only session scope ??? Thanks -- padhu Rick Fincher wrote: Hi Padu, It looks like you have this set up OK. Do you have a memory realm set up in conf/web.xml as is required for this setup? Also, since your transport guarantee is set up as confidential it is going to use SSL so you either have to use an HTTPS:// url or you have to have redirection turned on in port 80 (or whatever your HTTP port is) in conf/web.xml. If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS port) in the url too. Rick - Original Message - From: Padhu Vinirs [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 02, 2002 10:19 AM Subject: authorization using tomcat... I am testing web resource form-based authentication. I have created a dummy jsp page Details.jsp and have created the following nodes in web.xml: security-constraint web-resource-collection web-resource-nameSecurePages/web-resource-name url-patternDetails.jsp/url-pattern /web-resource-collection auth-constraint role-nameEditUsers/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role descriptionUsers who can edit/description role-nameEditUsers/role-name /security-role I have created a EditUsers role in tomcat-users.xml. But when I access Details.jsp, I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine. Any ideas ? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]