Form Authentication Issues

Wed, 27 Aug 2008 12:28:55 -0700 

Hello All,
After getting a response yesterday about BASIC authentication and being told to switch to FORM based authentication, I've been trying to do this for quite awhile and I can get FORM authentication to work sometimes on test applications but I can never get it to work on a real application. I get the login screen correctly but then everytime I try to log in I get the Error page. HELP!!!! Here is my server.xml file: 

<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="/data/_b/TestSite" path="/TestSite">
 Resource name="jdbc/lostAndFoundDB" auth="Container"
       maxActive="100" maxIdle="30" maxWait="10000"
       username="[left blank]" password="[left blank]"
       driverClassName="com.mysql.jdbc.Driver"
       url="jdbc:mysql://localhost:3306/lostAndFound?autoReconnect=true"
       logAbandoned="true" removeAbandoned="true"
       removeAbandonedTimeout="60" type="javax.sql.DataSource" />

 <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
    driverName="com.mysql.jdbc.Driver"

    connectionURL="jdbc:mysql://localhost:3306/lostAndFound?user=[left 
blank]&amp;password=[left blank]"

    userTable="UserPass" userNameCol="Username" userCredCol="Password"
    userRoleTable="UserRole" roleNameCol="Rolename" />
</Context>


Currently I am trying to use the JDBCRealm but I have also tried this 
using the DataSourceRealm and get the exact same results.  For 
information purposes here is my web.xml file also:


<?xml version="1.0" encoding="ISO-8859-1"?>

<web-app id="WebApp_ID" version="2.4"
   xmlns="http://java.sun.com/xml/ns/j2ee";
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

   xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";>


   <display-name>Test Site</display-name>

   <context-param>

       <param-name>javax.servlet.jsp.jstl.fmt.localizationContext 
</param-name>

       <param-value>messages</param-value>
   </context-param>

   <servlet>
       <servlet-name>vraptor2</servlet-name>
       <servlet-class>org.vraptor.VRaptorServlet</servlet-class>
       <load-on-startup>1</load-on-startup>
   </servlet>

   <servlet-mapping>
       <servlet-name>vraptor2</servlet-name>
       <url-pattern>*.logic</url-pattern>
   </servlet-mapping>

  
   <!-- Define Velocity template compiler -->

   <servlet>
     <servlet-name>velocity</servlet-name>
     <servlet-class>
        org.apache.velocity.tools.view.servlet.VelocityViewServlet
     </servlet-class>
   </servlet>

   <!-- Map *.vm files to Velocity -->
   <servlet-mapping>
     <servlet-name>velocity</servlet-name>
     <url-pattern>*.vm</url-pattern>
   </servlet-mapping>

       <servlet>
               <servlet-name>CookieUtil</servlet-name>
               <servlet-class>logic.CookieUtil</servlet-class>
       </servlet>

       <servlet-mapping>
               <servlet-name>CookieUtil</servlet-name>
               <url-pattern>/cookieutil</url-pattern>
       </servlet-mapping>

  
   <!-- Database connection information for connection pooling

   <res-ref-name>jdbc/testSite</res-ref-name>-->
   <res-ref-name>jdbc/lostAndFoundDB</res-ref-name>

   <security-role>
       <description>Lost and Found Admin</description>
       <role-name>lfadmin</role-name>
   </security-role>
   <security-role>
       <description>Lost and Found Staff</description>
       <role-name>lfstaff</role-name>

   </security-role>   
   <security-role>

       <description>Lost and Found User</description>
       <role-name>lfuser</role-name>
   </security-role>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfuser</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/update.form.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfstaff</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/itemupdate.insert.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfstaff</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/insert.form.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfstaff</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/admin.edit.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfadmin</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/admin.editterms.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfadmin</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/admin.manage.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfadmin</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/admin.olditems.logic</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfadmin</role-name>
       </auth-constraint>
   </security-constraint>

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/admin/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>lfadmin</role-name>
       </auth-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
           <form-login-page>/login.vm</form-login-page>
           <form-error-page>/error.html</form-error-page>
       </form-login-config>
   </login-config>

  
   <welcome-file-list>

       <welcome-file>index.vm</welcome-file>
   </welcome-file-list>
</web-app>



I do have the correct table names and columns in my lostAndFound 
database and I am using the j_security_check with the j_username and 
j_password in my login.vm file.  I am using Tomcat6 with VRaptor and 
Velocity frameworks.  If anyone can help me I would love it!  I'm 
starting to lose my mind!!!!  I've been trying to get this to work with 
FORMs for over a month now.


Thanks,
Erik Rumppe
PA II
University of California, Berkeley - LSO

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to