Java.mail smtp authentication
Hi

I am using the following config with tc/jndi javamail to connect to an smtp server which needs authentication. If I put the username/password/port into Outlook Express and check needs authentication it works OK. With TC and my settings I get an auth failure. Am I using the correct properties? The password prop doesn't seem to appear anywhere in the docs.

Many thanks if anyone knows this - I've not found any answers on Google (only questions)

    <Resource name="mail/Session" auth="Container" type="javax.mail.Session"/>
    <ResourceParams name="mail/Session">
      <parameter>
        <name>mail.smtp.host</name>
        <value>smtp.myispname.com</value>
      </parameter>
      <parameter>
        <name>mail.smtp.port</name>
        <value>225</value>
      </parameter>
      <parameter>
        <name>mail.smtp.auth</name>
        <value>true</value>
      </parameter>
      <parameter>
        <name>mail.smtp.user</name>
        <value>myusername</value>
      </parameter>
      <parameter>
        <name>mail.smtp.password</name>
        <value>mypassword</value>
      </parameter>
    </ResourceParams>
FORM based authentication config
Hi

I'm having trouble getting form based authentication to work. Any help much appreciated. I'm missing something simple I'm sure. (TC 5.0.19, W2K, Mysql4)

I am using a JDBC Realm which works fine with BASIC auth. After changing to FORM and try http://127.0.0.1:8080/MyApp/security/protected/login.jsp I get:

The requested resource (/MyApp/security/protected/login.jsp) is not available.

To set this up I copied the files from the JSP examples - login.jsp, error.jsp in folders \security\protected to \MyApp\security\protected\

I copied web.xml parts:

    <servlet>
      <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
      <servlet-class>org.apache.jsp.security.protected_.error_jsp</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
      <servlet-class>org.apache.jsp.security.protected_.index_jsp</servlet-class>
    </servlet>
    <servlet>
      <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
      <servlet-class>org.apache.jsp.security.protected_.login_jsp</servlet-class>
    </servlet>

and mappings

    <servlet-mapping>
      <servlet-name>org.apache.jsp.security.protected_.error_jsp</servlet-name>
      <url-pattern>/security/protected/error.jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>org.apache.jsp.security.protected_.index_jsp</servlet-name>
      <url-pattern>/security/protected/index.jsp</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
      <servlet-name>org.apache.jsp.security.protected_.login_jsp</servlet-name>
      <url-pattern>/security/protected/login.jsp</url-pattern>
    </servlet-mapping>

with

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Calendar</web-resource-name>
        <url-pattern>/Calendar</url-pattern>
        <!-- ...more... -->
      </web-resource-collection>
      <auth-constraint>
        <role-name>user</role-name>
        <role-name>admin</role-name>
        <role-name>sysadmin</role-name>
      </auth-constraint>
    </security-constraint>

and configured

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>MyApp</realm-name>
      <form-login-page>/security/protected/login.jsp</form-login-page>
      <form-error-page>/security/protected/error.jsp</form-error-page>
    </login-config>

Chris
Re: FORM based authentication config
Thanks for that - but what it describes is what I have done, I think.

The problem is: If you have the servlet definitions and mappings, the page isn't found - Since they are JSPs above web-inf in the context folder I think they don't need them.

If you don't have the mappings then you get:

HTTP Status 400 - Invalid direct reference to form login page - with a correct pw/un

    org.apache.catalina.authenticator.FormAuthenticator authenticate
    WARNING: Unexpected error forwarding to error page
    java.lang.NullPointerException

with incorrect un/pw

i.e. FormAuthenticator cannot forward to say the error page

Chris

----- Original Message -----
From: Goel, Manish Kumar [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 2:26 PM
Subject: RE: FORM based authentication config

Hi, see this, this might help you http://www.webservertalk.com/message633890.html

cheers
Manish

-----Original Message-----
From: Chris Chappell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 21, 2004 7:45 PM
To: Tomcat Users List
Subject: FORM based authentication config
Re: LogOut from JDBC Realm
Hi there - Thanks for the responses and sorry to get back to this - I haven't made any progress and have had other problems (challenges?) to fix first!

I have a link to a logout servlet with the doGet() method below. Using eclipse debugging shows that the session isValid=false on invalidate correctly. However clicking back on the browser creates a new session (with isValid=true) in my session handling function called from every page (except logout):

    public static HttpSession setSessionData (HttpServletRequest request)
    {
        HttpSession session = request.getSession(true);
        if (session.getAttribute("viewmode") == null) session.setAttribute("viewmode", "B");
        ...
    }

So it doesn't seem that invalidate() is destroying the authentication - only clearing a session which can be recreated. Should I check if the session is invalid and forward to my logout page if so, or is there a way of invalidating the login info?

Can anyone shed some photons on this.

TC :5.0.19, Solaris 9, Mysql 4.something - JDBC Realm, SSL + filter giving Cache-Control - private,no-cache,no-store

Chris Chappell

    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        HttpSession session = request.getSession();
        session.invalidate();
        out.println(GeneralUI.htmlHeader());
        out.println("<table width=100%><tr height=200 valign=center><td align=center>Goodbye - you are now logged out</td></tr></table>");
        out.println(GeneralUI.htmlFooter());
        return;
    }

On Tuesday 23 November 2004 17:09, Chris Chappell wrote:

Hi there

Hi,

Can anyone give me a pointer how to logout a JDBC Realm authenticated user without closing the browser. E.g. I need a log out button which forwards to a goodbye page and does something like this (fictitious) userSession.expire(); I've had a trawl through the docs etc and nothing springs to obvious use. Using SSL though don't think this would change anything re this.

Just include this:

    <% session.invalidate(); %>

it works on both 8080 (normal) and 8443 (ssl) connections.

(TC 5.0.19 on Sol9 + MySQL 4)
LogOut from JDBC Realm
Hi there

Can anyone give me a pointer how to logout a JDBC Realm authenticated user without closing the browser. E.g. I need a log out button which forwards to a goodbye page and does something like this (fictitious) userSession.expire(); I've had a trawl through the docs etc and nothing springs to obvious use. Using SSL though don't think this would change anything re this.

Cheers,

Sorry if this appears 2*, 1st time seemed to get lost :-(

Chris Chappell (TC 5.0.19 on Sol9 + MySQL 4)
Re: LogOut from JDBC Realm
Yoav

Well I tried this, but it didn't seem to make any difference so I thought maybe it was just resetting the session vars. But I'll have another play with it.

Ceeres
Chris Chappell

Subject: RE: LogOut from JDBC Realm

Hi,
You mean like session.invalidate()? ;)

Yoav Shapira http://www.yoavshapira.com

-----Original Message-----
From: Chris Chappell [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 10:10 AM
To: [EMAIL PROTECTED]
Subject: LogOut from JDBC Realm
LogOut from JDBC Realm
Hi there

Can anyone give me a pointer how to logout a JDBC Realm authenticated user without closing the browser. E.g. I need a log out button which forwards to a goodbye page and does something like this (fictitious) userSession.expire(); I've had a trawl through the docs etc and nothing springs to obvious use. Using SSL though don't think this would change anything re this.

Cheers

Chris Chappell (TC 5.0.19 on Sol9 + MySQL 4)
Re: Realms and Static pages
QM thanks - I was assuming a mapping between the (e.g.) Configs here for servlet and web-resource-name, which doesn't actually exist. Hence my befuddlement.

    <servlet>
      <servlet-name>Config</servlet-name>

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Config</web-resource-name>

Chris

----- Original Message -----
From: QM [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 12:01 AM
Subject: Re: Realms and Static pages

On Wed, Nov 17, 2004 at 01:25:27PM -, Chris Chappell wrote:
: Thanks QM but I'm still not sure what to do!

Please trust me, it's all in the spec...

: In my web.xml I have for example (standard stuff!)
:
: <servlet>
:   <servlet-name>Config</servlet-name>
:   <servlet-class>org.myorg.config.Config</servlet-class>
: </servlet>
:
: with a mapping and security constraint.

It helps to show the entire file, since that's the root of the problem. ;)

: I have searched through the web.xml options below and cannot work out which
: one for static html pages.

Try to think outside the box: are you trying to protect static html pages or just certain regions (URIs) of the site?

Hint: you can map security-constraint to plain old URIs, not just servlet classes. Take a close look at the url-pattern tag...

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
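Added example (not part of the original messages, and not Tomcat's own code): a small Python check of QM's hint, applying the servlet-spec url-pattern matching rules to a constructed web.xml to report which roles a request path needs. The function names and the sample web.xml are assumptions made for illustration, and http-method elements are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml, not from the thread; helper names are illustrative. The
# web-resource-name "Config" is only a label, unrelated to the Config servlet.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet><servlet-name>Config</servlet-name>
    <servlet-class>org.myorg.config.Config</servlet-class></servlet>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Config</web-resource-name>
      <url-pattern>/help/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def find(el, name):
    """Descendants with this local tag name, whatever the XML namespace."""
    return [e for e in el.iter() if e.tag.rsplit("}", 1)[-1] == name]

def match_rank(pattern, path):
    """Servlet-spec url-pattern match: a sortable rank, or None for no match."""
    if pattern == path:
        return (3, 0)                                   # exact match
    if pattern.endswith("/*"):                          # path prefix, e.g. /help/*
        hit = (path + "/").startswith(pattern[:-1])
        return (2, len(pattern)) if hit else None       # longest prefix wins
    if pattern.startswith("*."):
        return (1, 0) if path.endswith(pattern[1:]) else None   # extension
    return (0, 0) if pattern == "/" else None           # default mapping

def roles_required(web_xml, path):
    """Roles needed for path (relative to the context root); None means public."""
    hits = []
    for sc in find(ET.fromstring(web_xml), "security-constraint"):
        ranks = [match_rank(p.text.strip(), path) for p in find(sc, "url-pattern")]
        ranks = [r for r in ranks if r is not None]
        if ranks:
            roles = {r.text.strip() for r in find(sc, "role-name")}
            hits.append((max(ranks), roles if find(sc, "auth-constraint") else None))
    if not hits:
        return None
    best = max(rank for rank, _ in hits)
    applicable = [roles for rank, roles in hits if rank == best]
    if any(roles == set() for roles in applicable):
        return []                      # empty auth-constraint: access precluded
    if any(roles is None for roles in applicable):
        return None                    # no auth-constraint at all: public
    return sorted(set().union(*applicable))
```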
Realm and Redeploy
Hi

I am running a webapp under Tomcat using a jdbc realm. If I upload a new war it redeploys fine, but loses authentication. E.g. I cannot log in again until I have restarted Tomcat. After a restart I don't have to re-authenticate so it shows Tomcat has retained the login info. I think that if I have a page which doesn't require authentication then the redeployment works fine, but am not totally sure on this (Running 5.0.19)

Chris Chappell
Realms and Static pages
Hi How can I protect static pages on my Tomcat powered site with username/role + password information from my jdbc realm? I have some help pages under /MyContext/help. I cannot find how to put them under /MyContext/WEB-INF/help. Anybody help? (There's only a few static pages, so it would be overkill to run apache as well) (Running 5.0.19) Chris Chappell
Re: Realms and Static pages
Thanks QM but I'm still not sure what to do!

In my web.xml I have for example (standard stuff!)

    <servlet>
      <servlet-name>Config</servlet-name>
      <servlet-class>org.myorg.config.Config</servlet-class>
    </servlet>

with a mapping and security constraint.

I have searched through the web.xml options below and cannot work out which one for static html pages.

Or do you use servlet like

    <servlet>
      <servlet-name>HelpPage</servlet-name>
      <servlet-class>/HelpPage.html</servlet-class>
    </servlet>

with forward slash to show root context folder. I've searched high and low on the net - all the examples (and in the TC examples) don't restrict static pages. I'm sure it's easy when you know how, but :-)

    <!-- (icon?,display-name?,description?,distributable?,context-param*,filter*,filter-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,welcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*). -->

Chris Chappell

----- Original Message -----
From: QM [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Wednesday, November 17, 2004 12:02 PM
Subject: Re: Realms and Static pages

On Wed, Nov 17, 2004 at 11:34:48AM -, Chris Chappell wrote:
: How can I protect static pages on my Tomcat powered site with username/role +
: password information from my jdbc realm?

Use the standard roles/auth constraints in web.xml. See the servlet spec, or some random servlet/JSP articles/books, for details.

: I have some help pages under /MyContext/help. I cannot find how to put them
: under /MyContext/WEB-INF/help.
: Anybody help? (There's only a few static pages, so it would be overkill to run
: apache as well)

Yes: don't put them under WEB-INF unless you want to write code to serve them yourself. =)

By default, files under WEB-INF are *not* available for standard requests (HTTP/GET, HTTP/POST, etc). This prevents would-be miscreants from downloading the app's code and config files.

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com