Hi everybody,
I have a very annoying problem with a secured folder in my tomcat web
application. The most amazing is that the problems do not occur when I'm
using BASIC authentication, but only when FORM authentication. Here is
what I have configured (mywebapp is the name of the folder with my web
application, this folder is in ${TOMCAT}/webapps; protectedarea is the
name of the protected folder):
- JDBCRealm is configured in server.xml (tested, working properly);
- security-constrained configured in
${TOMCAT}/webapps/mywebapp/WEB-INF/web.xml :
<security-constraint>
<display-name>mywebapp Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>mywebapp</web-resource-name>
<url-pattern>/protectedarea/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>mywebapp Application</realm-name>
<form-login-config>
<form-login-page>/protectedarea/login.html</form-login-page>
<form-error-page>/protectedarea/error.html</form-error-page>
</form-login-config>
</login-config>
- login.html has the following login form (stripped of formatting here
for clarity):
<form action="j_security_check" method="POST">
E-mail address: <input type="text" name="j_username"/>
Password: <input type="password" name="j_password"/>
<input type="submit" value="Login"/><input type="reset" value="Clear"/>
</form>
- I also have subdirectories (with images, javascripts, css) in
mywebapp/protectedarea. The html files in protectedarea (index.html,
login.html, and error.html) refer to the contents of these
subdirectories when loading javascripts, css, and images.
NOW,
The problem #1 is: login.html displays a form BUT there is NO images, NO
CSS formatting, and Javascript! The page displays just a raw form.
The problem #2 is: after successful authentication the browser shows the
SOURCE of the first javascript referenced in index.html, instead of
index.html. The strangest thing is that after reloading the page
(index.html) everything displays fine, including the login.html.
The problems reoccur after cleaning the cash and cookies of the browser.
It looks like there is a temporary problem with context which gets
resolved somehow after the first login attempt.
Please, could somebody give me some advise/explanation, I have NO IDEA
what is happening. Again, the BASIC authentication works fine, but I
don't like this pop-up window and would like to use my own login form.
Thanks a lot,
Alex
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org