This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat BASIC authentication fails in certain cases

 
Markus Reinhardt
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I've got some issue, that I can't explain. I am running a Web-Application that provides a special login for certain customers. I am running a Tomcat Server (Version 5.5.17), using BASIC authentication configured in my web.xml:



Now if I and my colleagues log into this app everthing works fine. But one customer (one I know of) is not able to login. I first thought this is some kind of browser issue, but firefox as well as IE refuse to login. The always give 401 (not 403) after 3 'failed' attempts.

I am absolutely sure, that the provided username and password are correct. I am able to login with these.

To make things even trickier: If I provide the customer with a login to the tomcat manager webapp via tomcat-users.xml, he is able to login without problems.

I am totally !! In fact, the login action is never reached. Maybe there is some issue with SHA-1 password encryption? With the encoding (user and password contain only ASCII)?

Following my struts Login action, my context.xml and the struts-config.xml part for login:

LoginAction.java


META-INF/context.xml



struts-config.xml

[ August 27, 2006: Message edited by: Markus Reinhardt ]
 
pawank gupta
Ranch Hand
Posts: 34
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
the problem is ur authentication method did not call during this execution u need to call the authentication machenism of ur realm.

and if u want to call the authentication at the page calling u can do it via using <security-constrain> tag where u need to give the url of pages which want authentication .

like

<security-constraint>
<web-resource-collection>
<web-resource-name>mytest</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>MyRealm</realm-name>
</login-config>

try this also
 
Markus Reinhardt
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for your reply.

But my web.xml contains a security-constraint. I just forgot to copy and paste it *shameonme*

The problem persists, does anyone have any other ideas?

 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic