This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Studying HeadFirst book: cannot make authentification Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Studying HeadFirst book: cannot make authentification" Watch "Studying HeadFirst book: cannot make authentification" New topic
Author

Studying HeadFirst book: cannot make authentification

Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Hello Everyone!

I'm studying Servlets/JSP using famous HeadFirst book and now in the chapter about Authentication. The problem is that I cannot login to my web app. I dont know why. I use FORM authentication method and I have created the login form. But when I enter username and password nothing going on. It just redirects me to the error login page. I am using the login and password from tomcat-users.xml:


Exactly the same situation was when I was trying to use BASIC authentication method, except that it was not redirecting me to error page, but showing password dialog again. What should I do to fix this? I have forgotten to implement something, I guess....
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9291
    
  17

Can you show us the security configuration that you are using in your web.xml...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Yes sure.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Can you also show loginpage.html, and also which url you are accessing ?


[My Blog]
All roads lead to JavaRanch
Rajeev Rnair
Ranch Hand

Joined: Mar 22, 2010
Posts: 308



Hi, Since you have added <transport-guarantee> as CONFIDENTIAL, after login page container will redirect to an https page. If you haven't configured https in tomcat, it may redirect to login-error page. Please comment the <user-data-constraint> and see if it works!


SCJP6, SCWCD5, OCP-JBCD5, OCE-JWSD6 OCE-JPAD6 , OCM-JEA5 1,OCM-JEA5 2,3 - Brainbench certifications: J2EE, Java2, Java2-NonGUI, JSP, SQL2000 Admin, SQL2000 Programming , Brainbench certified Java Programmer, Computer Programmer, Web Developer, Database Administrator
Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Christophe,
its simple:

But authentication doesn't work even if I use the BASIC type.

Rajeev,
unfortunately this doesn't help
Rajeev Rnair
Ranch Hand

Joined: Mar 22, 2010
Posts: 308

Hi Dmitry, when you change <auth-method> to BASIC, are you getting the default tomcat login page? If so, what happens when you submit?
Also please show the URL you are trying to access.

Thanks,
Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Rajeev, here are some news:

I am using NetBeans IDE under which my tomcat runs. It turned out that there is a SECOND tomcat-users.xml file located in my documents/netbeans/... folder. And it really works. I have added my users and roles to that file and now BASIC authentication WORKS! But FORM authentication still redirects me to the error page

I try to reach MYAPPNAME/newform.html

When I am using BASIC authentocation (which now works) I see a standart javascript dialog for entering login/password in Firefox and much more goodlooking Windows7 login screen dialog in IE.
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1627
    
  23

Hi Dmitry,

You have identified the correct tomcat-users.xml.

Have you tried accessing the login page directly like:
MYAPPNAME/loginpage.html

Is that possible?

Regards,
Frits
Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Frits,
yes this is possible. Actually reaching login page never was a problem, but still I cannot login using FORM authentication method.

May be the reason is Netbeans. It has its own account called ide and probably user is logged in automatically while using NetBeans. What usually happens when the user that is logged in tries to log in second time via login form?
Rajeev Rnair
Ranch Hand

Joined: Mar 22, 2010
Posts: 308

Hi Dmitry, could you please deploy your code in a standalone Tomcat (ver 5.5) and see if it makes any difference?
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1627
    
  23

What usually happens when the user that is logged in tries to log in second time via login form?

Nothing, a user only has to login once.

Does netbeans have an integrated browser? Otherwise try accessing the protected URL via another browser (different user, so should give you the login page). Or maybe netbeans hasn't implemented the FORM authentication... try tomcat as Rajeev was suggesting.

Regards,
Frits
Dmitry Zhuravlev
Ranch Hand

Joined: Apr 14, 2010
Posts: 91
Frits,
actually I am using tomcat, as far as I understand netbeans is just an interface.

OK, I will try to deploy application on server though I was never doing this.. Now I have started the server without Netbeans, and copied my build folder from my documents to webapps. Now I can open every html form in my application, it looks like tomcat is not using my web.xml file. It is set properly: in the webapps/myapp/WEB-INF. What should I do after coping my build files to server webapp folder to deploy my application manually? At the moment my web.xml is out of the game.
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1627
    
  23

Hi Dmitry,

Creating a war file manually is done like this (example from SCWCD Study Guide by David Bridgewater)

Set the classpath to include the servlet.jar of tomcat:
  • set classpath=.;C:\Program Files\Apache Software Foundation\Tomcat 5.5\common\lib\servlet-api.jar

  • Compile your Servlet:
  • javac webcert\ch03\ex0304\MicroPaymentServlet.java -d ..\classes

  • Create a war file:
  • jar cvf0 ex0304.war .

  • Copying the war file to tomcat webapps folder:
  • C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\

  • Start tomcat
  • C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe


  • Regards,
    Frits
    Dmitry Zhuravlev
    Ranch Hand

    Joined: Apr 14, 2010
    Posts: 91
    Fixed!!!

    Guys, thank you all for the assistance. The problem was in the loginform file which had different quotas inside because of copy-pasting from the book. I often meet this type of error, I should have been more concentrated. Now I will proceed with the last chapter of the book. Thanks!
     
    Don't get me started about those stupid light bulbs.
     
    subject: Studying HeadFirst book: cannot make authentification
     
    Similar Threads
    security-constraint
    Tomcat 7.0 Manager's Username and Password
    Problem While Enabling Authentication
    HTTP Status 403 Access to the requested resource has been denied
    action="j_security_check"