Security (using FormAuthentication) not working against WebSphere 5.1

Tue, 08 Jun 2004 00:36:02 -0700 



We are running our test on the workstation (using WebSphere Studio) against
Tomcat 4.1.29
which works fine even for secured Urls (using FormAuthentication).

When I run our suite against WebSphere 5.1.0.4 the tests using
FormAuthentication fail reporting

      "Failed to authenticate the principal."

Logging the Header-Keys in method getCookie() of the class
FormAuthentication I can see
different results against Tomcat / WebSphere ...
There is no session-cookie jsessionid in the WebSphere headers and
Cache-Control is set to no-cache="set-cookie,set-cookie2".

### Tomcat ###

getCookie(theConnection, theTarget) - Header: null:HTTP/1.1 302 Moved
Temporarily
getCookie(theConnection, theTarget) - Header: Pragma:No-cache
getCookie(theConnection, theTarget) - Header: Cache-Control:no-cache
getCookie(theConnection, theTarget) - Header: Expires:Thu, 01 Jan 1970
00:00:00 GMT
getCookie(theConnection, theTarget) - Header:
Set-Cookie:JSESSIONID=4B109CE76EE490AABB3E1E4B0F23EA67;
Path=/mandeploymantwebapp
getCookie(theConnection, theTarget) - Header:
Location:http://localhost:8080/mandeploymantwebapp/jsp/LoginForm.jsp;jsessionid=4B109CE76EE490AABB3E1E4B0F23EA67
getCookie(theConnection, theTarget) - Header: Content-Length:0
getCookie(theConnection, theTarget) - Header: Date:Tue, 08 Jun 2004
06:50:05 GMT
getCookie(theConnection, theTarget) - Header: Server:Apache-Coyote/1.1

###

### WebSphere ###

getCookie(theConnection, theTarget) - Header: null:HTTP/1.1 302 Found
getCookie(theConnection, theTarget) - Header: Date:Tue, 08 Jun 2004
06:24:12 GMT
getCookie(theConnection, theTarget) - Header:
Server:IBM_HTTP_Server/2.0.47-PQ84017 Apache/2.0.47 (Unix) DAV/2
getCookie(theConnection, theTarget) - Header:
Set-Cookie:WASReqURL=http://mmwasint.mn-man.biz:8085/mandeploymantwebapp/ServletRedirectorSecure?;Path=/
getCookie(theConnection, theTarget) - Header:
Cache-Control:no-cache="set-cookie,set-cookie2"
getCookie(theConnection, theTarget) - Header: Expires:Thu, 01 Dec 1994
16:00:00 GMT
getCookie(theConnection, theTarget) - Header:
Location:http://mmwasint.mn-man.biz:8085/mandeploymantwebapp/jsp/LoginForm.jsp
getCookie(theConnection, theTarget) - Header: Content-Length:0
getCookie(theConnection, theTarget) - Header: Content-Type:text/html;
charset=ISO-8859-1
getCookie(theConnection, theTarget) - Header: Content-Language:en-US

###

Anyway, when I request the Url (against WebSphere)

      http://hostname:port/context/ServletRedirectoSecure?

I get forwarded to the login-page.

Before submitting the Login-Page I request

      javascript:alert(document.cookie)

and I get two cookies (WASReqURL and JSESSIONID).


Can anybody please explain the different behaviour or point me in the right
direction ...

Thanks a lot for any help !!!

Toni Grimm

---------------------------------------------------------------
Anton Grimm
MAN Nutzfahrzeuge AG
IDP - Software Produktionsumgebungen
Dachauerstr.667
D - 80995 M�nchen

Fon:       +49-89-1580-1054
Fax:       +49-89-1580-4550
mailto:    [EMAIL PROTECTED]
Internet: http://www.man-trucks.com
---------------------------------------------------------------



This message and any attachments are confidential and may be privileged or otherwise 
protected from disclosure.
If you are not the intended recipient, please telephone or email the sender and delete 
this message and any attachment
from your system. If you are not the intended recipient, you must not copy this 
message or attachment or disclose the
contents to any other person.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to