Problem with secure connection and Form Based Authentication

Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

Firefox can't establish a connection to the server at localhost:8443.


Message that I am getting when I try to establish a secure connection with
Form based authentication

Here is my code



Scenario-II

I am executing the application without <user-data-constraint> element
in web.xml file. The servlet which is referred by ["Beer/AddRecipe/*"] has
both GET and POST method implementations. I don't understand why the GET
implementation is being invoked when I provide the correct username/password
in custom login page.

Kindly guide me.

[ December 14, 2005: Message edited by: Vishnu Prakash ]

Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Which servlet container are you using? Have you configured it to use SSL?
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
I am using Tomcat 5. I didn't configure it with SSL.

I would appreciate it if you could help me with a tutorial/link to start with SSL.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You need to configure SSL and enable SSL on port 8443 before you can use it. This happens in the <tomcat_home>/conf/server.xml file.

A good HOWTO is on the tomcat site:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
Thanks David.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

No problems, tell us how you go.
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

I am executing the application without <user-data-constraint> element
in web.xml file.


Request Header for a constrained Resource

POST /SecurityCheck/Beer/AddRecipe/* HTTP/1.1


Response Header for a constrained Resource

HTTP/1.x 200 OK


But the server is supposed to issue a 401 Unauthorized response here. This happens only when I use <auth-method> as FORM. I tried with BASIC, for which I received a 401 Unauthorized response.


The servlet which is referred by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password.


I found the answer for this.

Excerpt from w3.org

Note: However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless
of the original request method.
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

No problems, tell us how you go.


Not smooth.

After all those configuration changes in server.xml and creating my own certificate using keytool I am able to switch from http to https.

I face two problems after the protocol transfer.

1. Since I had configured FORM based authentication, once the protocol switch has been made the server is supposed to send a 401 Unauthorized response, since the requested resource is a constrained resource which is configured in <security-constraint>. But this is not happening. The server directly serves the request. I tried even with <auth-method>BASIC</auth-method>. No use.

If this works fine then

2. How to switch back to http after the credentials are authenticated against the login user data configured in the server.[tomcat_users.xml]
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
Is there anyone who has worked in declarative security/Form based Authentication?

Can anyone point me to a good resource on this subject?
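
For reference on the declarative setup discussed in this thread, an added example (not from any poster, and not the original poster's missing code): a Servlet 2.4 web.xml fragment that constrains /Beer/AddRecipe/* with FORM authentication and requires HTTPS, followed by the Tomcat 5.5 connector pair it relies on. The role name, login page paths, keystore path and keystore password are placeholders chosen for illustration.

```xml
<!-- WEB-INF/web.xml (Servlet 2.4 fragment, goes inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>AddRecipe</web-resource-name>
    <url-pattern>/Beer/AddRecipe/*</url-pattern>
    <!-- No <http-method> elements here, so every HTTP method is constrained.
         Listing only some methods leaves the unlisted ones unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>member</role-name> <!-- assumed role, must exist in the realm -->
  </auth-constraint>
  <user-data-constraint>
    <!-- Plain HTTP requests are redirected to the connector's redirectPort -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- Assumed page names. The login form must POST the fields j_username
         and j_password to the action j_security_check. -->
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>member</role-name>
</security-role>

<!-- <tomcat_home>/conf/server.xml (Tomcat 5.5 fragment, inside <Service>) -->
<!-- HTTP connector: redirectPort tells Tomcat where to send requests that
     hit a CONFIDENTIAL constraint over plain HTTP -->
<Connector port="8080" redirectPort="8443" />

<!-- HTTPS connector: without this nothing listens on 8443 and the browser
     reports that it cannot establish a connection. Keystore values below
     are placeholders. -->
<Connector port="8443" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/keystore.PLACEHOLDER"
           keystorePass="CHANGE_ME_PLACEHOLDER" />
```

With FORM authentication the container answers an unauthenticated request by serving the configured login page rather than a 401 challenge; 401 with a WWW-Authenticate header is what BASIC and DIGEST use.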