I'm having the following problem when using FORM based
authentication with Tomcat 4.1.12 :
When I bring up a new browser window, and go to a
protected page (under /do/) I am redirected to the
login.jsp as I should be. If I enter the correct
username / password, I am logged in correctly and
forwarded back to the page I was trying to access. This all works correctly.
However, if I enter garbage for a username and
password, I am redirected to the error.jsp page, which
is also correct. I then click the link on the
error.jsp page that takes me back to the login.jsp
page and try to login again with a valid
username/password combo, and it instantly redirects me
back to the error.jsp page. This isn't correct (as
far as I can tell) since it should have successfully
authed me the second time into the page.
I was wondering if anyone else had run into this
issue, or if there was something I was missing in one
of the config files or my web.xml file.
I am also using struts, but I don't think that has
anything to do with this error, since it appears to be
a j_security_check setup issue somehow.
Any help would be greatly appreciated.
Thanks,
Quenten
Here is my code :
+++++ my application web.xml +++++
<security-constraint>
<display-name>Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/do/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>eadmin</role-name>
<role-name>member</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>My JDBCRealm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page>
</form-login-config>
/login-config>
<security-role>
<description>admin role.</description>
<role-name>eadmin</role-name>
</security-role>
<security-role>
<description>member role.</description>
<role-name>member</role-name>
</security-role>
+++++ tomcat server.xml +++++
<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="50" driverName="org.postgresql.Driver" connectionURL="jdbc:postgresql://localhost:5432/mydb?user=postgres:password=postgres"
userTable="members" userNameCol="login"
userCredCol="password"
userRoleTable="member_roles_view"
roleNameCol="user_role" />
+++++ my login.jsp +++++
<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%=
response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text"
name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password"
name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit"
value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>
</body>
</html>
+++++ my error.jsp +++++
<html>
<head>
<title>Error Page For Examples</title>
</head>
<body bgcolor="white">
Invalid username and/or password, please try
<a href='<%= response.encodeURL("login.jsp")
%>'>again</a>.
</body>
</html>
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus – Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
Hello Quenten, if ur web.xml is:
$TOMCAT_HOME
|
/webapps
|
/do
|
/WEB-INF
then change ur web.xml tag:
<security-constraint>
<url-pattern>/do/*
to only:
<url-pattern>*</url-pattern>
hope this helps, david.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
