Need help with authentication

Fri, 30 Mar 2007 01:20:44 -0800 

Hi all,

I have the following setup:
- Tomcat 5.5 install on win32, webapps reside underneath webapps/ROOT.
http://localhost/ shows me index.jsp
- Next I have enabled JDBC realm authentication
(webapps/ROOT/WEB-INF/web.xml).
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>/</web-resource-name>
           <description>pages which require login</description>
           <url-pattern>/*</url-pattern>
           <http-method>DELETE</http-method>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
           <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
           <description>Must authenticate before querying the
system</description>
           <role-name>role1</role-name>
       </auth-constraint>
       <user-data-constraint>
           <transport-guarantee>NONE</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

   <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>jdbc/AuthDB</realm-name>
       <form-login-config>
           <form-login-page>/login.jsp</form-login-page>
           <form-error-page>/error.jsp</form-error-page>
       </form-login-config>
   </login-config>

   <security-role>
       <description>Any user of the system</description>
       <role-name>role1</role-name>
   </security-role>
- I am using a form to login. Here's the code for login.jsp:
<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
 <table border="0" cellspacing="5">
   <tr>
     <th align="right">Username:</th>
     <td align="left"><input type="text" name="j_username"></td>
   </tr>
   <tr>
     <th align="right">Password:</th>
     <td align="left"><input type="password" name="j_password"></td>
   </tr>
   <tr>
     <td align="right"><input type="submit" value="Log In"></td>
     <td align="left"><input type="reset"></td>
   </tr>
 </table>
</form>
</body>
</html>

This works like a charm. Well, almost ;)
If I'm using firefox (1.5 or 2.0.0.x) and login to http://localhost/ using
user X's credentials. I get access to the page http://localhost/index.jsp.
Which is good. If I use user Y's credentials then I get redirected to
favicon.ico (wtf?). If I use internet explorer, the user is always
redirected to index.jsp.
I have absolutely no idea why this is happening, so if someone can shed a
light on this or give me some hints, this would very much be appreciated.
Thanks!

Reply via email to