servlet authentication mechanism

rajaxn r Mon, 18 Jun 2001 10:25:30 -0700
Hi
  I am configuring a web application to run with
servlet 
authentication mechanism. The webapplication is to be
configured on 
both tomcat 3.2
I created entries in web.xml like the below
/*********************************************
<web-app>
        <display-name>Test1</display-name>
        <servlet>
                <icon></icon>
                <servlet-name>TestServlet</servlet-name>
                <display-name>testservetr</display-name>
                <servlet-class>test.TestServlet</servlet-class>
        </servlet>
        <servlet-mapping>
                <servlet-name>TestServlet</servlet-name>
                <url-pattern>/test/TestServlet</url-pattern>
        </servlet-mapping>
        <security-constraint>
                <web-resource-collection>
                <web-resource-name>TestServlet</web-resource-name>
                        <description></description>
                        <url-pattern>/test/TestServlet</url-pattern>
                        <http-method>
                        GET</http-method>
                        <http-method>
                        POST</http-method>
                </web-resource-collection>
                <auth-constraint>
                        <description></description>
                        <role-name>manager</role-name>
                </auth-constraint>
        </security-constraint>
        <login-config>
                <auth-method>
                  FORM 
                </auth-method>
                <form-login-config>
                <form-login-page>/loginpage.html</form-login-page> 
               
<form-error-page>/errorpage.html</form-error-page> 
                </form-login-config>
        </login-config>
        <security-role>
                <description></description>
                <role-name>manager</role-name>
        </security-role>
</web-app>


I also included entries in the tomcat-users.xml  like

/************************************
<tomcat-users>
  <user name="tomcat" password="tomcat"
roles="tomcat,manager"/>
  <user name="role1" password="tomcat" roles="role1"/>
  <user name="both" password="tomcat"
roles="tomcat,role1"/>
  <user name="user1" password="password1"
roles="manager" />
</tomcat-users>

The form test.html calls the servlet TestServlet which
is protected 
by a form based servlet authentication which calls
loginpage.html. loginpage.html has a form with action
j_security_check and fields j_username & j_password
But loginpage.html doesnt accept any of the
user/password pairs above 
in the tomcat users.xml file

Can someone also tell me how to do the above so that a
custom login 
page can be called instead of the page with
"j_security_check" 



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/
servlet authentication mechanism

Reply via email to
