Hi again,
I just discovered bug 33157: basic authentication fails in some cases,
reported in Tomcat 5.5.4.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33157
It doesn't describe my exact problem, but it's the best theory so far.
Unfortunately the hosting provider is unlikely to install
Based on my own experience, the quickest way to work out what is
happening will be to debug your way through it. See the FAQ for how to
set this up: http://jakarta.apache.org/tomcat/faq/development.html
Mark
Mudumbai, Kalyan wrote:
Hi All,
I am trying to write a custom realm for my web
If you are using basic authentication, that is out of your control -
the browser will resend the authentication with every request. I does
not care at all about your session.
I think your simplest solution is to switch to form-based authentication.
Larry
On Thu, 27 Jan 2005 19:58:16 -0800
Hi Larry,
Thank you for your reply! Yes, I have tried the form authentication. It
does redirect to the login page when session expires.
Gia
Larry Meadors [EMAIL PROTECTED] wrote:
If you are using basic authentication, that is out of your control -
the browser will resend the
Ashish Kulkarni ha scritto:
Hi
May be try putting the following in web.xml file just
before taglib ( i am not sure but works with 2.2)
error-page
error-code403/error-code
location/pages/error/noaccess.jsp/location
/error-page
error-page
I never try it, but maybe u can write your own code into the login
page that redirect you on a different page if the login taske will not
completed as needed...
On Mon, 24 Jan 2005 14:21:19 +0100, Giorgio Ponza [EMAIL PROTECTED] wrote:
Hi all
I have a small problem trying to configure BASIC
Omar Adobati ha scritto:
I never try it, but maybe u can write your own code into the login
page that redirect you on a different page if the login taske will not
completed as needed...
I can't try this :D
There is no login page, only a box appearing over the browser asking user and
password.
Oh, I'm sorry... you are using the basic auth mode... there was a
missunderstanding... sorry again...
On Mon, 24 Jan 2005 14:29:44 +0100, Giorgio Ponza [EMAIL PROTECTED] wrote:
Omar Adobati ha scritto:
I never try it, but maybe u can write your own code into the login
page that redirect you
Hi
May be try putting the following in web.xml file just
before taglib ( i am not sure but works with 2.2)
error-page
error-code403/error-code
location/pages/error/noaccess.jsp/location
/error-page
error-page
Hello,
The answer to your question is that you cannot serve the User database (now
tomcat-users.xml) from inside a .war file as it cannot be read from in there
but you can change its location to be below your webapps directory. This can
be achieved by changing the path to it which is currently in
Nevermind. I had a 401 page defined in web.xml, so it was being sent there
instead of the browser. My mistake.
- Original Message -
From: e-Denton Subscriber [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Saturday, October 23, 2004 4:06 PM
Subject: BASIC authentication
Hi Ross,
Simply adding an error page will not do. You need to have a servlet
that will set the status of the response-page as 403
(HttpServletResponse.SC_UNAUTHORIZED)
Look at the code-implementation of Security-Filter. It's good.
http://sf.net/projects/securityfilter
HTH
Happy
will avoid other newbies to be stuck like I was.
Merci,
Laurent
Message du 23/07/04 à 21h36
De : Michele Ouellet [EMAIL PROTECTED]
A : Laurent Le Moux [EMAIL PROTECTED]
Copie à :
Objet : Re: BASIC authentication not working, PLEASE HELP !
Salut Laurent,
Did you start tomcat with the -security
(Please, create new messages when mailing the list. Responding to
unrelated messages causes confusion for those of us who use thread-aware
mailers.)
: In a nutshell, I'm wondering if it's better NOT to use basic
: authentication.
My understanding is that FORM vs BASIC is just that the former
: basic authentication or not?
(Please, create new messages when mailing the list. Responding to
unrelated messages causes confusion for those of us who use thread-aware
mailers.)
: In a nutshell, I'm wondering if it's better NOT to use basic
: authentication.
My understanding
when you type
www.ourDomain.com?
Thanks so much,
Stephen
- Original message -
From: QM [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Date: Thu, 17 Jun 2004 16:04:21 -0500
Subject: Re: basic authentication or not?
(Please, create new messages when mailing the list. Responding
Maybe through navigator object in user´s browser, you must check if
there´s not permission constraint for that.
--
De: Bui, Bao-Ha D[SMTP:[EMAIL PROTECTED]
Responder:Tomcat Users List
Enviada: sexta-feira, 5 de dezembro de 2003 13:45
Para: 'Tomcat Users
You might want to read the comments on the following URL - it shows how
to configure authentication with a Windows domain, but apparently, it's
out of date:
http://www.raibledesigns.com/page/rd?
anchor=easy_windows_authentication_with_tomcat
Matt
On Dec 5, 2003, at 9:45 AM, Bui, Bao-Ha D
http://jakarta.apache.org/tomcat/faq/windows.html#ntlm
-Tim
Bui, Bao-Ha D wrote:
Hi all,
I need to capture the WinNT account name of users to a jsp page.
We have Active Directory at our company. We can have a basic login form
(that standard pop up login form from Window).
Could anyone
]
Sent: Friday, December 05, 2003 11:58 AM
To: Tomcat Users List
Subject: Re: Basic Authentication
http://jakarta.apache.org/tomcat/faq/windows.html#ntlm
-Tim
Bui, Bao-Ha D wrote:
Hi all,
I need to capture the WinNT account name of users to a jsp page.
We have Active Directory at our
Can somebody suggest how to implement Basic Authentication in Tomcat4.1 or
use an existing Basic Authentication being used by other application.
Thanks
-sumit
-Original Message-
From: Kumar, Sumit
Sent: Thursday, November 20, 2003 11:44 AM
To: 'Tomcat Users List'
Subject: Basic
It s not use in the class java.net.Authenticator ?
See it
-Original Message-
From: Kumar, Sumit [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 7:01 PM
To: 'Tomcat Users List'
Subject: RE: Basic Authentication
Can somebody suggest how to implement Basic
try /document/* as the url-pattern or /document/*.doc if you want the .doc files under
/document to be protected ...
-Original Message-
From: Daniel Zhang [mailto:[EMAIL PROTECTED]
Sent: 22. juli 2003 14:48
To: Tomcat Users List
Subject: Basic Authentication not work for directory
Hi,
As you see in my web.xml file, I've already put /document/* as a
url-pattern(url-pattern/document/*/url-pattern), the question is
under /document directory, there are some other types of file like
*.pdf, *.txt which need to be protected. I also have these types of file
in other directory which
add this to the web.xml
error-page
error-code401/error-code
location/errorpage.jsp/location
/error-page
- Original Message -
From: Koes, Derrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 6:22 PM
Subject: Basic authentication question
I wish to
-
From: Boon Seong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 5:27 PM
To: Tomcat Users List
Subject: Re: Basic authentication question
add this to the web.xml
error-page
error-code401/error-code
location/errorpage.jsp/location
/error-page
- Original Message -
From
/login-config
- Original Message -
From: Koes, Derrick [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 6:31 PM
Subject: RE: Basic authentication question
Unfortunately, this does not work.
Tomcat seems to use 401 as a prompt to put up the basic
-methodBASIC/auth-method
realm-nameDORA/realm-name
/login-config
-Original Message-
From: Boon Seong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 5:37 PM
To: Tomcat Users List
Subject: Re: Basic authentication question
In that case, meaning it is a protected resource right
It can be made to work...
Put the error-page directive in as per web.xml spec
On the jsp / servlet it points at,
response.addHeader(WWW-Authenticate, BASIC realm=\ + realm
+ \);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
and then write custom page
And it
I did some more research on this. It looks like it was a Known Bug in
Tomcat 4.0.2, and it doesn't look like it has been fixed since then (I'm
using 4.0.4). Tomcat developers, is there any patch or workaround known
for this?
I did some digging in the Tomcat source, and it looks like the html
On Thu, 2002-09-05 at 13:55, Eric Hollander wrote:
I did some more research on this. It looks like it was a Known Bug in
Tomcat 4.0.2, and it doesn't look like it has been fixed since then (I'm
using 4.0.4). Tomcat developers, is there any patch or workaround known
for this?
I did some
Here is how you can create a custom 401 (Not Authorized) error response
in Tomcat. Putting a directive like this:
error-page
error-code401/error-code
location/errors/401.html/location
/error-page
in web.xml will not work. If you put that in web.xml, it will deny all
authorization.
The
If 'b' is not protected, then Apache will neither ask for
authorization nor include authorization info in the request
headers when a document in 'b' is requested.
One thing you could try is to use a symbolic link to 'b'
from 'a' so that /htdocs/a/b points to /htdocs/b. Then
a request for
Have you turn on the SingleSignOn valve in server.xml?
-Paul
Mark Shaw wrote:
I'm hoping someone can shed some light on a particular behavior I'm
experiencing with BASIC authentication and session cookies:
I've set up my servlet to use BASIC authentication and I'm my own very
simple realm
Mark Shaw wrote:
In subsequent requests I pass back the sessionID (in a cookie
labeled jsessionid...) instead of the BASIC authentication
You need to include the authentication information with
every request for a protected resource, or you're going
to get another challenge. rfc2617 says:
On Wed, 6 Mar 2002, Mark Shaw wrote:
Date: Wed, 6 Mar 2002 22:37:17 -0800
From: Mark Shaw [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: BASIC Authentication Question
I'm hoping someone can shed some light on a
De: EDV Systembetrieb [mailto:[EMAIL PROTECTED]]
Enviado el: lunes 17 de diciembre de 2001 14:33
My problem is, that there seems to be a permanent connection
between the browser and the servlet or the logininformation a
cached by the browser until the browser is restartet
THis question
-Original Message-
From: EDV Systembetrieb [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 17, 2001 8:33 AM
To: [EMAIL PROTECTED]
Subject: Basic authentication password caching
Hi everybody,
I setup Tomcat 3.3 with JDBCRealm and a mysql-database using
basic
On Mon, 17 Dec 2001, EDV Systembetrieb wrote:
Date: Mon, 17 Dec 2001 14:32:34 +0100
From: EDV Systembetrieb [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Basic authentication password caching
Hi everybody,
I setup Tomcat 3.3 with
Hello,
Well, I just write a response to myself ;)
The following problem is not there with NT4/IIS 4. I have it only with
W2K/IIS 5.
Using tomcat for the authentication is not working completely: the
authentication is going well, but the result of it is not the jsp page I
wanted to see, but
Betty,
Take a look at the web.xml --- from servlet spec
---and do not forget the security vulnerability when
you use the BASIC
authentication without SSL.
Pae
Hi -- Can someone point me to a simple example of
how to setup tomcat for basic HTTP authentication?
you can add a user / password in tomcat-users.xml and assign the
roles=admin to this
user. Can you restrict access to a servlet using .htaccess in tomcat. I am
pretty interseted
in it also.
- Original Message -
From: Cory L Hubert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
[EMAIL PROTECTED] wrote:
It works fine with Tomcat 3.2, but it should run on Tomcat 3.1 ... don't ask
me why, I have no idea :-)
This is one of the many bugs in Tomcat 3.1. If you want to use container managed
security, you need to use 3.2 or later.
Any ideas what is wrong?
Thanks in
Marino Vittorio wrote:
I am using Basic authentication with Tomcat v3.2.1 Everything works just
fine, but I'd like to know how to grab User and Password during the
authentication process to put them in a bean. Any clue?
Thanks, Vittorio
The username is already available, via
44 matches
Mail list logo