File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes form authentication failure in tomcat7 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "form authentication failure in tomcat7" Watch "form authentication failure in tomcat7" New topic
Author

form authentication failure in tomcat7

DTR Prasad
Greenhorn

Joined: Aug 07, 2008
Posts: 3
I have a servlet like
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletException;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Map;
import java.util.HashMap;

public class SecureServlet extends HttpServlet {
Map<String,String> persons;

protected void doGet(HttpServletRequest arg0,
HttpServletResponse arg1)
throws ServletException, IOException {
doPost(arg0,arg1);
}

public void init()throws ServletException {
persons = new HashMap<String,String>();

persons.put("sanjeevan","Analyst");
persons.put("sandeepan","Manager");
persons.put("subba rao","Asst Manager");
persons.put("velavan","Manager");
}

protected void doPost(HttpServletRequest req,
HttpServletResponse res)
throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
System.out.println("KKK");
String name = req.getParameter("personName");
out.println("<center>Welcome to Basic Secured Servlet
");
name = name.toLowerCase();
System.out.println(".."+name);
if(persons.containsKey(name)) {
String position = persons.get(name);
out.println("
The person asked is:"+name);
out.println("
The position is:"+position+"
</center>");
}
else {
out.println("
The given :"+name+" is not there");
}
String authType = req.getAuthType();
System.out.println("**"+authType);
if(authType.equals("FORM"))
{
java.security.Principal pl = req.getUserPrincipal();
System.out.println(pl.getName());
}
out.close();
}
}

my web.xml configuration
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0"
metadata-complete="true">

<servlet>
<servlet-name>secure</servlet-name>
<servlet-class>SecureServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>mySecure</servlet-name>
<servlet-class>ManageSecureServlet</servlet-class>
</servlet>


<servlet-mapping>
<servlet-name>mySecure</servlet-name>
<url-pattern>/mesecure</url-pattern>
</servlet-mapping>


<servlet-mapping>
<servlet-name>secure</servlet-name>
<url-pattern>/secure</url-pattern>
</servlet-mapping>

<welcome-file-list>
<welcome-file>posting.html</welcome-file>
</welcome-file-list>

<security-constraint>

<web-resource-collection>
<web-resource-name>one security test</web-resource-name>
<url-pattern>/secure</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>sysadmin</role-name>
</auth-constraint>

<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>

</security-constraint>

<login-config>
<!--

<auth-method>BASIC</auth-method>
<realm-name>one security test</realm-name>
-->

<auth-method>FORM</auth-method>
<realm-name>one security test</realm-name>

<form-login-config>
<form-login-page>/formLogin.jsp</form-login-page>
<form-error-page>/formLogin.jsp?error=true</form-error-page>
</form-login-config>

</login-config>

<security-role>
<role-name>sysadmin</role-name>
</security-role>

</web-app>

i am using tomcat-users.xml as memory-realm
it is working with "BASIC"
but if FORM is given it is not retaining old request parameter's value and showing null

my sec.xml [context] file is
<Context path="/sec" docBase="D:\secureTest" reloadable="true" preemptiveAuthentication="true" >
</Context>
it is working fine in tomcat6

i will be thankful to know any additional steps are to be taken
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: form authentication failure in tomcat7
 
Similar Threads
Problems with Deployment Descriptor
Declarative security in web.xml?? is this secure??
How authorization constraint effects authentication?
Declarative Security with Java EE (Glassfish)
authentication problem