Firefox can't establish a connection to the server at localhost:8443.
Message that I am getting when I try to establish a secure a connection with Form based authentication
Here is my code
I am executing the application without <user-data-constraint> element in web.xml file. The servlet which is refered by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password in custom login page.
Kindly guide me.
[ December 14, 2005: Message edited by: Vishnu Prakash ] [ December 14, 2005: Message edited by: Vishnu Prakash ]
I am executing the application without <user-data-constraint> element in web.xml file.
Request Header for a constrained Resource
POST /SecurityCheck/Beer/AddRecipe/* HTTP/1.1
Response Header for a constrained Resource
HTTP/1.x 200 OK
But the server is supposed to issue a 401 Unauthorized response here. This happens only when I use <auth-method> as FORM. I tried with BASIC, for which I received a 401 Unauthorized response.
The servlet which is refered by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password.
I found the answer for this.
Excerpt from w3.org
Note: However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method.
Joined: Nov 15, 2004
No problems, tell us how you go.
After all those configuration chages in server.xml and creating my own certificate using keytool I am able to switch from http to https.
I face two problems after the protocol transfer.
1. since I had configured FORM based authentication once the protocol switch has been made the server is to supposed to send a 401 Unauthorized response since the requested resource is constrained resource which is configured in <security-constraint>. But this not happening. Server directly serves the request. I tried even with <auth-method>BASIC</auth-method>. No use.
If this works fine then
2. How to switch back to http after the credentials are authenticated against the login user data configured in the server.[tomcat_users.xml]
Joined: Nov 15, 2004
Is there anyone who has worked in declarative security/Form based Authentication.
can anyone point me to good resource on this subject.