File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes login-config not prompting for user id and password Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "login-config not prompting for user id and password" Watch "login-config not prompting for user id and password" New topic
Author

login-config not prompting for user id and password

Bipra De
Greenhorn

Joined: Nov 06, 2011
Posts: 14
This is my web.xml DD


<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app>

<servlet>
<servlet-name>Ch3 Beer</servlet-name>
<servlet-class>com.example.web.BeerSelect</servlet-class>
</servlet>
<security-role><role-name>admin</role-name></security-role>

<servlet-mapping>
<servlet-name>Ch3 Beer</servlet-name>
<url-pattern>/SelectBeer.do</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>form.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<securtiy-constraint>
<web-resource-collection>
<url-pattern>/beerv1/*</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-gurantee>CONFIDENTIAL</transport-gurantee>
</user-data-constraint>
</securtiy-constraint>
</web-app>

This is my tomcat-users.xml file

<?xml version="1.0" encoding="utf-8" ?>
- <tomcat-users>
<role rolename="manager" />
<role rolename="admin" />
<user username="admin" password="" roles="admin,manager" />
</tomcat-users>



Instead of asking for login when trying to access "localhost:8080/beerv1/form.html" , it is allowing me to access it without asking for user id and password. What is the problem?
Thanks in advance.


Warm Regards,
Bipra De.
SCJP 1.6
SCWCD 1.5
Frits Walraven
Creator of Enthuware JWS+ V6
Bartender

Joined: Apr 07, 2010
Posts: 1634
    
  23

Hi Bipra,

There are a couple of things that you have to check and correct:

  • What is the context-root of your application? The URL http://localhost:8080/beerv1/form.html suggests that it is beerv1, do you have a directory /beerv1 under your root?
  • You are using a GET request when requesting http://localhost:8080/beerv1/form.html, and only POST is restricted
  • There is a typo: securtiy-constraint should be security-constraint
  • Remove the whole <user-data-constraint> otherwise you need to setup a HTTPS port in Tomcat to get things working
  • Are there errors when starting-up?


  • Regards,
    Frits
    Bipra De
    Greenhorn

    Joined: Nov 06, 2011
    Posts: 14
    Hello Frits,

    Thanks for your response.beerv1 is the context root of my application and there is no directory with beerv1 under beerv1(i.e context root of my app). In my web.xm , whenl I am giving
    <url-pattern>/*</url-pattern> then the browser asks for user name and password when trying to access form.html(localhost:8080/beerv1/form.html) but when I am giving <url-pattern>/beerv1/*</url-pattern> it does not prompts for user name and password. the page form.html is directly inside the context root i.e beerv1. What is causing this?

    Regards,
    Bipra De.
    Frits Walraven
    Creator of Enthuware JWS+ V6
    Bartender

    Joined: Apr 07, 2010
    Posts: 1634
        
      23

    The URL-pattern is always from the context-root, so in this case
    /* means every URL starting with http://localhost:8080/beerv1/
    /beerv1/* means every URL starting with http://localhost:8080/beerv1/beerv1/

    Just to confirm: create a beerv1 directory under your context-root dir and place the form.html there and see that it will ask for a username and password if you use the following URL http://localhost:8080/beerv1/beerv1/form.html

    Regards,
    Frits
    Bipra De
    Greenhorn

    Joined: Nov 06, 2011
    Posts: 14
    Thanks Frits.It worked. I wasn't aware of this.
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: login-config not prompting for user id and password
     
    Similar Threads
    Webapp-Security chapter revision notes from HFSJ , may be useful
    HTTP Status 403 Access to the requested resource has been denied
    Authentication and Authorization implementation using DD Problem
    login-config not working
    Basic Authentication Does Not Work Properly