tomcat webapp FORM authentication problem

Tue, 24 Feb 2009 18:43:32 -0800 

Hi everybody,
I have a very annoying problem with a secured folder in my tomcat web application. The most amazing is that the problems do not occur when I'm using BASIC authentication, but only when FORM authentication. Here is what I have configured (mywebapp is the name of the folder with my web application, this folder is in ${TOMCAT}/webapps; protectedarea is the name of the protected folder): 

- JDBCRealm is configured in server.xml (tested, working properly);


- security-constrained configured in 
${TOMCAT}/webapps/mywebapp/WEB-INF/web.xml :



<security-constraint> 

   <display-name>mywebapp Security Constraint</display-name> 

   <web-resource-collection> 

      <web-resource-name>mywebapp</web-resource-name> 

      <url-pattern>/protectedarea/*</url-pattern> 

      <http-method>DELETE</http-method> 

      <http-method>GET</http-method> 

      <http-method>POST</http-method> 

      <http-method>PUT</http-method> 

   </web-resource-collection> 

   <auth-constraint> 

      <role-name>tomcat</role-name> 

   </auth-constraint> 

</security-constraint> 

<login-config> 

   <auth-method>FORM</auth-method> 

   <realm-name>mywebapp Application</realm-name> 

   <form-login-config> 

      <form-login-page>/protectedarea/login.html</form-login-page> 

      <form-error-page>/protectedarea/error.html</form-error-page> 

   </form-login-config> 

</login-config> 




- login.html has the following login form (stripped of formatting here 
for clarity):


<form action="j_security_check" method="POST">
E-mail address: <input type="text" name="j_username"/>
Password:       <input type="password" name="j_password"/>

<input type="submit" value="Login"/><input type="reset" value="Clear"/> 


</form>


- I also have subdirectories (with images, javascripts, css) in 
mywebapp/protectedarea. The html files in protectedarea (index.html, 
login.html, and error.html) refer to the contents of these 
subdirectories when loading javascripts, css, and images.


NOW,


The problem #1 is: login.html displays a form BUT there is NO images, NO 
CSS formatting, and Javascript! The page displays just a raw form.



The problem #2 is: after successful authentication the browser shows the 
SOURCE of the first javascript referenced in index.html, instead of 
index.html. The strangest thing is that after reloading the page 
(index.html) everything displays fine, including the login.html.



The problems reoccur after cleaning the cash and cookies of the browser. 
It looks like there is a temporary problem with context which gets 
resolved somehow after the first login attempt.



Please, could somebody give me some advise/explanation, I have NO IDEA 
what is happening. Again, the BASIC authentication works fine, but I 
don't like this pop-up window and would like to use my own login form.


Thanks a lot,
Alex


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to