Now I am able to access the secure page through the login page. But even if I close the browser ( whcih i assume will close the session ), and restart it, I am able to access the secure page without going through the login page. Is there a place where I need to say that the login info should not be a permanent cookie but only session scope ???
Thanks -- padhu Rick Fincher wrote: >Hi Padu, > >It looks like you have this set up OK. Do you have a memory realm set up in >conf/web.xml as is required for this setup? > >Also, since your transport guarantee is set up as confidential it is going >to use SSL so you either have to use an HTTPS:// url or you have to have >redirection turned on in port 80 (or whatever your HTTP port is) in >conf/web.xml. > >If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS >port) in the url too. > >Rick > >----- Original Message ----- >From: "Padhu Vinirs" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Wednesday, October 02, 2002 10:19 AM >Subject: authorization using tomcat... > > > > >>I am testing web resource form-based authentication. I have created a >>dummy jsp page "Details.jsp" and have created the following nodes in >>web.xml: >> >><security-constraint> >> <web-resource-collection> >> <web-resource-name>SecurePages</web-resource-name> >> <url-pattern>Details.jsp</url-pattern> >> </web-resource-collection> >> <auth-constraint> >> <role-name>EditUsers</role-name> >> </auth-constraint> >> <user-data-constraint> >> <transport-guarantee>CONFIDENTIAL</transport-guarantee> >> </user-data-constraint> >> </security-constraint> >> <login-config> >> <auth-method>FORM</auth-method> >> <form-login-config> >> <form-login-page>/login.jsp</form-login-page> >> <form-error-page>/error.jsp</form-error-page> >> </form-login-config> >> </login-config> >> <security-role> >> <description>Users who can edit</description> >> <role-name>EditUsers</role-name> >> </security-role> >> >> >>I have created a "EditUsers" role in tomcat-users.xml. >> >>But when I access "Details.jsp", I am redirected to the Netscape search >>page !!! I am able to access the login and error.jsp pages fine. >> >>Any ideas ? >> >> > > > >-- >To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> >For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
