This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Tomcat and the fly likes How to provide security for web-application using UserDataSource through Apache server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "How to provide security for web-application using UserDataSource through Apache server" Watch "How to provide security for web-application using UserDataSource through Apache server" New topic
Author

How to provide security for web-application using UserDataSource through Apache server

Snehitha Prasad
Ranch Hand

Joined: Jul 06, 2012
Posts: 32
Hi ,

I have a problem with web-security using tomcat. I have developed one web application and provide security for that.but it didn't work properly.
what i mean is i took 'manager' as one role and i declared username and password in tomcat-users.xml. but when access particular resource with in that application i is displaying one customized dialogue box(login.html) and asking userid and password for authentication.but when we enter valid credentials it still displaying "sorry , login failed" message.

Can someone help me on this.following is my code.


tomcat-users.xml:



web.xml :


server.xml :


login.html :


login-failed.html



Thanks in Advance,

snehithaprasad.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15665
    
  15

I cannot see anything obviously wrong, although trying to read that much information onscreen is not easy for me. It would be a good idea if you made your login and fail webpages be complete well-formed html (with <html;>, <head> and <body>) tags, but I don't think that's the actual problem.

As far as I can tell, the files are all configured properly, otherwise the login screen would not be displayed when you requested the ManagerAddDailyStatus.do URL. So the most likely thing to check after that is to make sure that the userid that Tomcat runs under is permitted to read the TOMCAT_HOME/conf/tomcat-users.xml file.

If you get really desperate, you can enable Tomcat's logging and see what it's actually doing, but usually it's not necessary to do that.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to provide security for web-application using UserDataSource through Apache server
 
Similar Threads
How to provide security for web-application using UserDataSource through Apache server
DatasourceRealm just ain't working
SSL on Tomcat -- No, not your typical question!
Unable to login to manager GUI
problem in starting tomcat with eclipse