
Problem with secure connection and Form Based Authentication

 
Vishnu Prakash
Ranch Hand
Posts: 1026

Firefox can't establish a connection to the server at localhost:8443.


Message that I am getting when I try to establish a secure connection with
Form based authentication

Here is my code



Scenario-II

I am executing the application without the <user-data-constraint> element
in the web.xml file. The servlet which is referred to by ["Beer/AddRecipe/*"] has
both GET and POST method implementations. I don't understand why the GET
implementation is being invoked when I provide the correct username/password
in the custom login page.

Kindly guide me.

[ December 14, 2005: Message edited by: Vishnu Prakash ]
 
David O'Meara
Rancher
Posts: 13459
Which servlet container are you using? Have you configured it to use SSL?
 
Vishnu Prakash
Ranch Hand
Posts: 1026
I am using Tomcat 5. I didn't configure it with SSL.

I would appreciate it if you could help me with a tutorial/link to start with SSL.
 
David O'Meara
Rancher
Posts: 13459
You need to configure SSL and enable SSL on port 8443 before you can use it. This happens in the <tomcat_home>/conf/server.xml file.

A good HOWTO is on the Tomcat site:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
 
Vishnu Prakash
Ranch Hand
Posts: 1026
 
David O'Meara
Rancher
Posts: 13459
No problems, tell us how you go.
 
Vishnu Prakash
Ranch Hand
Posts: 1026

I am executing the application without the <user-data-constraint> element
in the web.xml file.


Request Header for a constrained Resource

POST /SecurityCheck/Beer/AddRecipe/* HTTP/1.1


Response Header for a constrained Resource

HTTP/1.x 200 OK


But the server is supposed to issue a 401 Unauthorized response here. This happens only when I use <auth-method> as FORM. I tried with BASIC, for which I received a 401 Unauthorized response.


The servlet which is referred to by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password.


I found the answer for this.

Excerpt from w3.org

Note: However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless
of the original request method.
 
Vishnu Prakash
Ranch Hand
Posts: 1026

No problems, tell us how you go.


Not smooth.

After all those configuration changes in server.xml and creating my own certificate using keytool, I am able to switch from http to https.

I face two problems after the protocol transfer.

1. Since I had configured FORM based authentication, once the protocol switch has been made the server is supposed to send a 401 Unauthorized response, since the requested resource is a constrained resource which is configured in <security-constraint>. But this is not happening. The server directly serves the request. I tried even with <auth-method>BASIC</auth-method>. No use.

If this works fine then

2. How do I switch back to http after the credentials are authenticated against the login user data configured in the server [tomcat_users.xml]?
 
Vishnu Prakash
Ranch Hand
Posts: 1026
Is there anyone who has worked with declarative security/Form based Authentication?

Can anyone point me to a good resource on this subject?
 