Form based authentication problem in Tomcat 6

 
Ranch Hand
Posts: 60
Hello,

I am trying to introduce authentication for some restricted resource in my web application.
I have introduced <security-constraint>.... </security-constraint> for secured resource and also I configured loginForm and loginError page.

So whenever I make a request to that secured resource, it asks for login id and password.

Now my issue is, the credentials I passed in the login form are not validated. It's always saying try again even if I provide the name/password that is present in tomcat-users.xml.

In server.xml, I added this line


In tomcat-users.xml, I modified,


Could you make out what I am missing? Even if I enter aaaa/bbbbbbbb, why is it not considered an authenticated user?

-Thanks in advance
 
Ranch Hand
Posts: 470

sujith Acharya wrote:
In server.xml, I added this line




Have you defined the UserDatabase resource in server.xml? Something like this?

 
sujith Acharya
Ranch Hand
Posts: 60
Thanks Misha for your reply..


<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml"
readonly="false"
/>



is already present in server.xml..

Any other hint that I need to try?
 
Saloon Keeper
Posts: 27762
This is one of those nasty problems where if I actually had my hands on it, I could probably make it function in short order, but it's difficult to diagnose from a remote point of view.

The most obvious thing to check would be the web.xml file to make sure that you're really set up properly for container-based authentication and authorization. The only other thing I can think of offhand is that you could have another Realm definition that's pre-empting the one you think you're using.

One thing, however. If the URL j_security_check is displayed in your browser navigation bar, it means you've fallen out of the security process. You can't invoke j_security_check directly.
 
sujith Acharya
Ranch Hand
Posts: 60
Hello Tim,

As you mentioned, j_security_check is displayed in the browser..

http://localhost:8080/logintest/secure/j_security_check



Where might I be going wrong? I have changed server.xml in the tomcat directory and web.xml of the application.
Is there any other file I need to change?

-Thanks
 
Tim Holloway
Saloon Keeper
Posts: 27762
Those are the only 2 files that must be configured. web.xml to switch on security, define what URLs will require a logged-in user and what roles are permitted access. server.xml (or one or more context xml files) to define the realm. Some Realms have their own file requirements, such as tomcat-users.xml for the MemoryRealm, but that doesn't seem to be the problem here.
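
The two-file setup described in the reply above can be sanity-checked offline. The script below is an added example, not part of the original thread: it parses a web.xml and a tomcat-users.xml and reports whether FORM login is configured and whether each role named in an auth-constraint is held by some user. Both files are constructed samples, and the role name, user name and the `check` helper are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not the poster's); role and user names are made up.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>secure</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>member</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role><role-name>member</role-name></security-role>
</web-app>"""

USERS_XML = """<tomcat-users>
  <role rolename="manager"/>
  <user username="alice" password="example-only" roles="manager"/>
</tomcat-users>"""

def local(tag):
    # Drop any XML namespace so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def texts(root, parent, child):
    # Text of every <child> element sitting directly under a <parent> element.
    return [c.text.strip() for p in root.iter() if local(p.tag) == parent
            for c in p if local(c.tag) == child and (c.text or "").strip()]

def check(web_xml, users_xml):
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    problems = []
    if texts(web, "login-config", "auth-method") != ["FORM"]:
        problems.append("login-config auth-method is not FORM")
    for page in ("form-login-page", "form-error-page"):
        if not texts(web, "form-login-config", page):
            problems.append("missing " + page)
    held = {r.strip() for u in users.iter() if local(u.tag) == "user"
            for r in u.get("roles", "").split(",") if r.strip()}
    for role in texts(web, "auth-constraint", "role-name"):
        if role != "*" and role not in held:
            problems.append("no user in tomcat-users.xml has role " + role)
    return problems
```

With the sample files, `check(WEB_XML, USERS_XML)` reports that no user holds the `member` role; it does not inspect the Realm definition in server.xml.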
 