aspose file tools*
The moose likes Servlets and the fly likes Tomcat BASIC authentication fails in certain cases Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Tomcat BASIC authentication fails in certain cases" Watch "Tomcat BASIC authentication fails in certain cases" New topic
Author

Tomcat BASIC authentication fails in certain cases

Markus Reinhardt
Greenhorn

Joined: Jun 12, 2006
Posts: 2
Hi,

I've got some issue, that I can't explain. I am running a Web-Application that provides a special login for certain customers. I am running a Tomcat Server (Version 5.5.17), using BASIC authentication configured in my web.xml:



Now if I and my colleagues log into this app everthing works fine. But one customer (one I know of) is not able to login. I first thought this is some kind of browser issue, but firefox as well as IE refuse to login. The always give 401 (not 403) after 3 'failed' attempts.

I am absolutely sure, that the provided username and password are correct. I am able to login with these.

To make things even trickier: If I provide the customer with a login to the tomcat manager webapp via tomcat-users.xml, he is able to login without problems.

I am totally !! In fact, the login action is never reached. Maybe there is some issue with SHA-1 password encryption? With the encoding (user and password contain only ASCII)?

Following my struts Login action, my context.xml and the struts-config.xml part for login:

LoginAction.java


META-INF/context.xml



struts-config.xml

[ August 27, 2006: Message edited by: Markus Reinhardt ]
pawank gupta
Ranch Hand

Joined: Jun 07, 2006
Posts: 34
hi,
the problem is ur authentication method did not call during this execution u need to call the authentication machenism of ur realm.

and if u want to call the authentication at the page calling u can do it via using <security-constrain> tag where u need to give the url of pages which want authentication .

like

<security-constraint>
<web-resource-collection>
<web-resource-name>mytest</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyRealm</realm-name>
</login-config>

try this also
Markus Reinhardt
Greenhorn

Joined: Jun 12, 2006
Posts: 2
Thanks for your reply.

But my web.xml contains a security-constraint. I just forgot to copy and paste it *shameonme*

The problem persists, does anyone have any other ideas?

 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Tomcat BASIC authentication fails in certain cases
 
Similar Threads
problem with j_security_check
struts and jndi problem
Hibernate not finding Oracle driver - despite straight JDBC working
How to use DataSourceRealm?
adding a Datasource to tomcat jndi