aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes action= Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "action="j_security_check"" Watch "action="j_security_check"" New topic
Author

action="j_security_check"

stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi,
I am trying to practice about security. In Form based authentication on action="j_security_check" I get

The requested resource (/Form_auth_method/j_security_check) is not available.

Isn't the target j_security_check provided by the application server?

and I created a user, a password with an existing role in tomcat-users.xml .I it necessary to create the user in tomcat-users.xml?
Is there the necessity to configure the security-role on DD?I suppose i miss something...
Stefania
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    
  25

Hi Stefania,

Do you have a <security-constraint> in your web.xml? You can secure a Servlet with a <auth-constraint> using the role you used in your tomcat-users.xml.
Like:


and I created a user, a password with an existing role in tomcat-users.xml .I it necessary to create the user in tomcat-users.xml?

Yes, you need a user and role in the tomcat-users.xml
Is there the necessity to configure the security-role on DD?

Yes, you also need that (and you will use that role in the security-constraints <auth-constraint>)

Regards,
Frits
stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi Fritz,
thanks to your suggestion I wrote a <security-constraint>

on tomcat-users.xml I have more users with the role 'role1'

and despite writing on web.xml:



I can access to protected-page.jsp only using username=role1 or username=both, using other usernames and passwords I get the error.jsp..I created a new role consultant on tomcat-users.xml, added the security-role and the role-name, but couldn't access the same the protected-page.jsp, I don't know why...
Thanks
Stefania

Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    
  25

Hi Stefania,

It looks like the tomcat-users file you are changing is not the one for your web-application.

Are you using Eclipse with integrated tomcat server? If so, you should look for the tomcat-users.xml file in your server-definition.

Regards,
Frits
stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi Fritz,
you were right, I mixed up the tomcat-users.xml but now I added a new role to the right tomcat embeded into netbeans- old version 5.5.1- but it still doesn't work. It still works only for users with role="role1" that was already defined. Can I add rolenames to tomcat-users.xml?I also cannot understand why rolenames are not defined in tomcat but for example role1 works.

Shouldn't it be mandatory to define the rolenames for roles tomcat or role1 ?
Moreover on another IDE- netbeans 6.9.1 -I always get the the error page despite making the same configuration, working on 5.5.1 IDE.
No idea why...
Thank you once more
Stefania
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    
  25

Hi Stefania,

I haven't worked with NetBeans before, but I downloaded it and tried your setup on the newest NetBeans version. I got it working and I made a document with screenshots of how I did it.

Have a look at my setup:
Instruction Security NetBeans

(if you can't download the doc I am willing to email it)
Regards,
Frits
stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi Fritz,
I downloaded your document and I'll follow your instructions(next reply).
Thank you for your help, sometimes I think this exam is a neverending one, but this forum encourages me to continue with the next chapter...
Stefania
stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi Frits,
I followed the document step by step - do you think it is better not to write web.xml by hand?- and now on Netbeans 6.9.1 project SecurityExample I think to have the right configuration; I had a comment wrapping role entries -I didn't notice before, now I removed it but I get the error page regardless of the username and password I enter.Just for check I send the web.xml


and tomcat-users.xml


I think there is no apparent reason for this problem.I have two tomcat versions but on the IDE I use tomcat 6.0.26.
I'll try on the old 5.5.1 version IDE.
Thank you very much for your clear document.
Stefania

Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    
  25

Hi Stefania,
I followed the document step by step - do you think it is better not to write web.xml by hand?

No, it is better to write the web.xml by hand and it is also better to create your .war file by hand. That way you know it should be done in the world without IDE's (have a look at the following topic War by hand)

I verified your settings with mine and they are exactly the same. The only difference is the version of tomcat (5.5 vs 6.0). Have a look if that was the problem, otherwise try to follow the War by hand instruction and deploy it on the tomcat5.5 server. This should work

Just to be sure it is not the problem of the URL: what is the URL you are typing in? You are getting to the login.jsp, right?

Regards,
Frits
stefania ferrarelli
Greenhorn

Joined: Jul 26, 2009
Posts: 29
Hi Frits,
at last I solved the mistery of the lost security!Unfortunatly it was not a true mistery, only the sum of my mistakes.I changed tomcat-users.xml once on catalina base once on catalina home, moreover on catalina base I had another comment wrapping role entries.Now I made all the changes on catalina base and everything works on both IDE versions.On the subject of these two system properties, I have only catalina_home between my environment variables, shouldn't I make a variable catalina_base?
Morever, is it right this definition I found on the web?
"The presence of those two properties is required only when you want to use multiple instances of Tomcat without having to install the software multiple times, and not wasting disk space.
The first properties (catalina.home) points to the location of the common information, while the other property (catalina.base) points to the directory where all the instance specific information are held."
If I'm using only one instance of tomcat inside the IDE, why changes on catalina_home didn't work?Why Netbeans IDE looks into the base directory by default?
Probably I'm still mixing it up???
Thanks
Ciao
Stefania

Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1731
    
  25

Hi Stefania,
at last I solved the mistery of the lost security!

Congratulations

I have only catalina_home between my environment variables, shouldn't I make a variable catalina_base?

I have never used the variable catalina_base so I can't advise you here...

Anyway, problem solved!

Regards,
Frits

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: action="j_security_check"