Re: Need help with authentication

2007-04-05 Thread Kenneth Westelinck

Yes! It is working!
Thank you all for your help. Sorry for being such a nag.


Re: Need help with authentication

2007-04-04 Thread Kenneth Westelinck

OK, here are some headers I found with Fiddler:

From firefox:


- Request 1:
GET /eai-admin/ HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cookie: JSESSIONID=8BE2C3B8AD18A29D2229F467A9391307
If-Modified-Since: Fri, 23 Feb 2007 15:40:10 GMT
If-None-Match: W/"1827-1172245210656"
- Reply 1:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 602
Date: Wed, 04 Apr 2007 07:27:13 GMT

<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='j_security_check' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>
Reply 1 is normal, this is my login page.

- Then I submit the login, Request 2:
POST /eai-admin/j_security_check HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://localhost:8080/eai-admin/
Cookie: JSESSIONID=8BE2C3B8AD18A29D2229F467A9391307
Content-Type: application/x-www-form-urlencoded
Content-Length: 30

j_username=tim&j_password=test
- Reply 2
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8080/eai-admin/
Content-Length: 0
Date: Wed, 04 Apr 2007 07:27:17 GMT

- So I get redirected:
GET /eai-admin/ HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://localhost:8080/eai-admin/
Cookie: JSESSIONID=8BE2C3B8AD18A29D2229F467A9391307
- Reply 3:
HTTP/1.1 304 Not Modified
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
Date: Wed, 04 Apr 2007 07:27:17 GMT

For IE I can see the following:
- Request 1:
GET /eai-admin/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: nl-be
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: localhost:8080
Proxy-Connection: Keep-Alive
- Reply 1:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JSESSIONID=619A92CCA43BBE0FB205AA7455360214; Path=/
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 646
Date: Wed, 04 Apr 2007 07:30:35 GMT

<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='j_security_check;jsessionid=619A92CCA43BBE0FB205AA7455360214' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>

- Request 2:
POST /eai-admin/j_security_check;jsessionid=619A92CCA43BBE0FB205AA7455360214 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://localhost:8080/eai-admin/
Accept-Language: nl-be
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: localhost:8080
Content-Length: 30
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=619A92CCA43BBE0FB205AA7455360214

j_username=tim&j_password=test
- Reply 2:
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://localhost:8080/eai-admin/
Content-Length: 0
Date: 

Re: Need help with authentication

2007-04-04 Thread Kenneth Westelinck

Hi again,

I did some further researching. I found this on the 304 returned by Tomcat
when using firefox:
-8---8---8---8---8---8---8---8---8---8---8---8---8---8---8--
You should never see this error in your Web browser. It should simply
present the Web page from its cache - because it believes the page has not
changed since it was last cached. If your client is not a Web browser, then
it should equally be able to present the page from a cache. If unable to do
so, it is not using the If_Modified_Since or related headers correctly.
-8---8---8---8---8---8---8---8---8---8---8---8---8---8---8--

When I disable caching in firefox, authentication works as it should and I
get redirected as I should. So who's the culprit here. Firefox or Tomcat?

Sorry, I'm a bit puzzled :(


RE: Need help with authentication

2007-04-04 Thread Nelson, Tracy M.
IE is sending Pragma: no-cache when it requests the admin page (Request
3 in your previous message).  Firefox isn't, so I'm guessing Tomcat is
assuming that FF has a copy.

This is just what I noticed, I'm not an HTTP or Tomcat expert.

| -Original Message-
| From: Kenneth Westelinck [mailto:[EMAIL PROTECTED]
| Sent: Wednesday, 04 April, 2007 09:19
|
| I did some further researching. I found this on the 304 returned by Tomcat
| when using firefox:
| -8---8---8---8---8---8---8---8---8---8---8---8---8---8---8--
| You should never see this error in your Web browser. It should simply
| present the Web page from its cache - because it believes the page has not
| changed since it was last cached. If your client is not a Web browser, then
| it should equally be able to present the page from a cache. If unable to do
| so, it is not using the If_Modified_Since or related headers correctly.
| -8---8---8---8---8---8---8---8---8---8---8---8---8---8---8--
|
| When I disable caching in firefox, authentication works as it should and I
| get redirected as I should. So who's the culprit here. Firefox or Tomcat?
-

The information contained in this message is confidential
proprietary property of Nelnet, Inc. and its affiliated 
companies (Nelnet) and is intended for the recipient only.
Any reproduction, forwarding, or copying without the express
permission of Nelnet is strictly prohibited. If you have
received this communication in error, please notify us
immediately by replying to this e-mail.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Need help with authentication

2007-04-04 Thread Martin Gainty

to disable Proxy Caching by FormAuthenticator
$TOMCAT_HOME/conf/server.xml

<Context path="/myapp" docBase="myapp">
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
         disableProxyCaching="false" />
</Context>

Is this what you're looking for???
M-
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed.  If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.
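
Added example, not part of the original message or of Tomcat's shipped configuration: the valve setting quoted above next to a variant that keeps proxy caching disabled, with the effect each has on the Pragma, Cache-Control and Expires headers visible in the captures elsewhere in this thread. The /myapp path comes from the message; that the securePagesWithPragma attribute is supported by the Tomcat release in use is an assumption to check against that release's documentation.

```xml
<!-- Added example: two alternative fragments for conf/server.xml.
     Use one or the other, not both. -->

<!-- Variant A, as posted above. With disableProxyCaching="false" the
     authenticator no longer adds Pragma: No-cache, Cache-Control: no-cache
     and the 1970 Expires header to responses for constrained resources.
     This can hide browser caching quirks around the login redirect, but
     pages behind the security-constraint can then be stored by browsers
     and by shared proxies. -->
<Context path="/myapp" docBase="myapp">
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
         disableProxyCaching="false" />
</Context>

<!-- Variant B. Proxy caching stays disabled (true is the default), so
     protected responses are still marked uncacheable for shared caches.
     securePagesWithPragma="false" (assumed to be available in the release
     in use) makes the valve send Cache-Control: private instead of the
     Pragma/no-cache pair, which is the documented way to work around
     browser caching problems without exposing protected pages to proxies. -->
<Context path="/myapp" docBase="myapp">
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
         disableProxyCaching="true"
         securePagesWithPragma="false" />
</Context>
```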




Re: Need help with authentication

2007-04-03 Thread Kenneth Westelinck

Any ideas why I only get redirected in firefox after doing a refresh and why
this is working as it should in internet explorer?


Re: Need help with authentication

2007-04-03 Thread Mark Thomas
Kenneth Westelinck wrote:
> Any ideas why I only get redirected in firefox after doing a refresh and
> why this is working as it should in internet explorer?

Get ieHttpHeaders and Live Http Headers and check out the differences,
if any, in what the browsers are seeing from / sending to Tomcat.

Mark




Re: Need help with authentication

2007-03-30 Thread David Delbecq
At the precise moment of 30/03/07 11:20, Kenneth Westelinck expressed himself in these terms:
> Hi all,
>
> I have the following setup:
> - Tomcat 5.5 install on win32, webapps reside underneath webapps/ROOT.
> http://localhost/ shows me index.jsp
> - Next I have enabled JDBC realm authentication
> (webapps/ROOT/WEB-INF/web.xml).
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>/</web-resource-name>
>             <description>pages which require login</description>
>             <url-pattern>/*</url-pattern>
>             <http-method>DELETE</http-method>
>             <http-method>GET</http-method>
>             <http-method>POST</http-method>
>             <http-method>PUT</http-method>
>         </web-resource-collection>
>         <auth-constraint>
>             <description>Must authenticate before querying the system</description>
>             <role-name>role1</role-name>
>         </auth-constraint>
>         <user-data-constraint>
>             <transport-guarantee>NONE</transport-guarantee>
>         </user-data-constraint>
>     </security-constraint>
>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <realm-name>jdbc/AuthDB</realm-name>
>         <form-login-config>
>             <form-login-page>/login.jsp</form-login-page>
>             <form-error-page>/error.jsp</form-error-page>
>         </form-login-config>
>     </login-config>
>
>     <security-role>
>         <description>Any user of the system</description>
>         <role-name>role1</role-name>
>     </security-role>
> - I am using a form to login. Here's the code for login.jsp:
> <html>
> <head>
> <title>Login Page for Examples</title>
> <body bgcolor="white">
> <form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
>   <table border="0" cellspacing="5">
>     <tr>
>       <th align="right">Username:</th>
>       <td align="left"><input type="text" name="j_username"></td>
>     </tr>
>     <tr>
>       <th align="right">Password:</th>
>       <td align="left"><input type="password" name="j_password"></td>
>     </tr>
>     <tr>
>       <td align="right"><input type="submit" value="Log In"></td>
>       <td align="left"><input type="reset"></td>
>     </tr>
>   </table>
> </form>
> </body>
> </html>
>
> This works like a charm. Well, almost ;)
> If I'm using firefox (1.5 or 2.0.0.x) and login to http://localhost/ using
> user X's credentials. I get access to the page http://localhost/index.jsp.
> Which is good. If I use user Y's credentials then I get redirected to
> favicon.ico (wtf?). If I use internet explorer, the user is always
> redirected to index.jsp.
> I have absolutely no idea why this is happening, so if someone can shed a
> light on this or give me some hints, this would very much be appreciated.
> Thanks!

What I suppose is happening:
Browser requests /
Tomcat sends the content of the login form and stores in the session that you tried to get /
Browser shows the form and, behind the scenes, requests /favicon.ico from the server
Tomcat sends the content of the login form as the content of favicon.ico and stores in the session that you tried to get /favicon.ico
You submit the form (you log in)
Tomcat checks the credentials, then goes to your session to check which page you asked for (/favicon.ico)
Tomcat redirects you to /favicon.ico


I'll say, this is partially the browser's fault. It works with IE 7
because those versions of IE were only downloading the favicon.ico
during bookmarking.


Workarounds include:

- moving your webapp away from the ROOT, this way favicon won't be
asked for in your webapp but in ROOT (may be a design issue for you)
- create a valve that you include in Tomcat and that refuses all attempts at
accessing a favicon.ico before they reach the web application logic. (This
way you won't pollute your authentication with them)
- reorganise your security layout such that /favicon.ico does not need
authentication
- fool the browser by setting, in your login page, a
<link rel="shortcut icon" href="http://yourhost/dumb/favicon.png" type="image/png">
and create a 'dumb' web application






Re: Need help with authentication

2007-03-30 Thread Christopher Schultz

David,

David Delbecq wrote:
> Workaround includes

Another workaround would be to use additional security-constraints
that will allow access to favicon.ico and any other include files such
as CSS, JS, or images without needing to be logged-in.

This seems simpler than your other suggestions.

- -chris


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
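
Added example, not part of the original messages: one way to write the additional security-constraint suggested above for WEB-INF/web.xml, so that /favicon.ico and static includes are served without login while everything else still requires role1. The /css/*, /js/* and /images/* patterns are constructed placeholders; role1 and the FORM login-config are the ones quoted earlier in the thread.

```xml
<!-- Added example. Constraint 1: public resources. It has no
     auth-constraint element, so the container serves these URLs to
     unauthenticated clients and never starts FORM login for them. A
     background favicon request therefore cannot replace the saved
     post-login target, which is the failure described earlier in the
     thread. The more specific url-patterns win over /* below. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Public static resources</web-resource-name>
    <url-pattern>/favicon.ico</url-pattern>
    <!-- constructed placeholder paths; list only directories that hold
         nothing sensitive -->
    <url-pattern>/css/*</url-pattern>
    <url-pattern>/js/*</url-pattern>
    <url-pattern>/images/*</url-pattern>
  </web-resource-collection>
</security-constraint>

<!-- Constraint 2: everything else requires role1. No http-method elements
     are listed, so the constraint covers every HTTP method. Under the
     Servlet specification a collection that lists only DELETE, GET, POST
     and PUT applies to those methods alone and leaves others, such as
     HEAD, outside the constraint. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>role1</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <role-name>role1</role-name>
</security-role>
```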



Re: Need help with authentication

2007-03-30 Thread Kenneth Westelinck

Ok, thanks all for your replies.
Another problem is the following:
- I logon to http://localhost/somewhere using X's credentials. Logon
succeeds and I get redirected to http://localhost/somewhere/index.html
- I logon to http://localhost/somewhere using Y's credentials. I get the
login page again. I click refresh and now I get redirected to
http://localhost/somewhere/index.html

In internet explorer, again, no problems.


Re: Need help with authentication

2007-03-30 Thread Kenneth Westelinck

So, I upgraded to Tomcat 5.5.23 (I was running 5.5.15). Now at least the
problem is consistent. For all users I get the login page again. If I
refresh, I get redirected to http://localhost/somewhere/index.html.
