Re: container based authentication

2009-10-27 Thread PDiefent


I've uploaded a little Eclipse Project without WEB-INF/lib/libraries -
perhaps anybody can help to get it running ...



PDiefent wrote:
 
 
 Hello,
 I try to secure my wicket application with container based authentication.
 The problem is that all users can log in even if they don't have the right
 role.
 
 In my login.html I use the following form action:
   <form action="login/j_security_check" method="post">
 
 If I change the security-constraint - url-pattern from /login to /*,
 the security check works, but I don't get any page displayed
 (images/leer.gif not found).
 Also the login page doesn't render completely because all images are
 blocked.
 
 It would be nice if there is an example for the correct use of the
 container based authentication. The often stated example in
 
 http://cwiki.apache.org/WICKET/servlet-container-authentication.html
 
 doesn't work!
 
 
 
 The configuration for Apache Tomcat 6.xx:
 
 <?xml version="1.0" encoding="UTF-8"?>
 <tomcat-users>
   <role rolename="MyWeb"/>
   <role rolename="manager"/>
   <role rolename="admin"/>
   <role rolename="TheirWeb"/>
   <user username="zorro" password="zorro" roles="MyWeb"/>
   <user username="Pete" password="Pete" roles="TheirWeb"/>
   <user username="Pete1" password="Pete1" roles="MyWeb"/>
   <user username="admin" password="admin" roles="admin,manager"/>
 </tomcat-users>
 
 -
 To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
 For additional commands, e-mail: users-h...@wicket.apache.org
 
 
 
http://www.nabble.com/file/p26078586/SimpleApp.zip SimpleApp.zip 
-- 
View this message in context: 
http://www.nabble.com/container-based-authentication-tp26010834p26078586.html
Sent from the Wicket - User mailing list archive at Nabble.com.





container based authentication

2009-10-22 Thread Peter Diefenthaeler

Hello,
I try to secure my wicket application with container based authentication.
The problem is that all users can log in even if they don't have the right
role.

In my login.html I use the following form action:
  <form action="login/j_security_check" method="post">

If I change the security-constraint - url-pattern from /login to /*,
the security check works, but I don't get any page displayed
(images/leer.gif not found).
Also the login page doesn't render completely because all images are
blocked.

It would be nice if there is an example for the correct use of the
container based authentication. The often stated example in

http://cwiki.apache.org/WICKET/servlet-container-authentication.html

doesn't work!



The configuration for Apache Tomcat 6.xx:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="MyWeb"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <role rolename="TheirWeb"/>
  <user username="zorro" password="zorro" roles="MyWeb"/>
  <user username="Pete" password="Pete" roles="TheirWeb"/>
  <user username="Pete1" password="Pete1" roles="MyWeb"/>
  <user username="admin" password="admin" roles="admin,manager"/>
</tomcat-users>


The deployment descriptor:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app id="MyWeb">
  <display-name>MyWeb</display-name>
  <servlet>
    <servlet-name>wicket.wicket</servlet-name>
    <servlet-class>org.apache.wicket.protocol.http.WicketServlet</servlet-class>
    <init-param>
      <param-name>applicationClassName</param-name>
      <param-value>com.csc.pts.aar.web.application.AarWebApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>wicket.wicket</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyWeb</web-resource-name>
      <url-pattern>/login</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>MyWeb</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login</form-login-page>
      <form-error-page>/loginerror</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>MyWeb</role-name>
  </security-role>

</web-app>

The login.html:
<body onload="initForm()">
  <div class="LoginBackground">
  <div class="LoginBoxDB">
  <table border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td>
      <form action="j_security_check" method="post">
        <table class="LoginNavi" border="0" cellpadding="0" cellspacing="2">
          <tr>
            <td><span class="LoginNaviItem">Username:</span></td>
            <td><input id="userName" name="j_username" value="" size="23" tabindex="1" /></td>
            <td><img src="images/leer.gif" height="20" width="18" /></td>
          </tr>
          <tr>
            <td><span class="LoginNaviItem">Password:</span></td>
            <td><input type="password" name="j_password" value="" size="25" tabindex="2" /></td>
            <td><img src="images/leer.gif" height="20" width="18" /></td>
          </tr>
          <tr>
            <td><img src="images/leer.gif" height="0" width="1" /></td>
            <td><input type="submit" value="Login" class="buttonStandard"/></td>
            <td><img src="images/leer.gif" height="20" width="18" /></td>
          </tr>
        </table>
      </form>
      </td>
    </tr>
  </table>
  </div>
  </div>
</body>
</html>
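
Added example, not part of the original post: a security section for the web.xml above that protects the whole application with /* while leaving the login page's images reachable before authentication. It assumes the images are served from /images/ under the context root (as the images/leer.gif reference suggests); the resource name "Public static resources" is made up for illustration.

```xml
<!-- Added example: replaces the single /login constraint in the posted web.xml.
     <login-config> and <security-role> stay as posted. -->

<!-- Protect every URL of the application. With only /login constrained,
     all other pages are outside any constraint and are served without a
     role check. Leaving out <http-method> applies the constraint to all
     HTTP methods, not just GET and POST. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyWeb</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>MyWeb</role-name>
  </auth-constraint>
</security-constraint>

<!-- Static resources the login page loads before anyone is authenticated.
     A constraint without <auth-constraint> permits unauthenticated access,
     and Tomcat applies the constraint with the best-matching pattern, so
     the longer /images/* wins over /* for these requests.
     Assumption: images live under /images/ relative to the context root. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Public static resources</web-resource-name>
    <url-pattern>/images/*</url-pattern>
  </web-resource-collection>
</security-constraint>
```

With this in place, a user who authenticates without the MyWeb role (Pete in the tomcat-users file above) receives HTTP 403 on protected pages. Any other static resources the login page needs would need their own unauthenticated pattern in the same way.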

