my dog learned polymorphism
The moose likes Tomcat and the fly likes FORM authentication with TomCat 5 - jwsdp-1.4 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "FORM authentication with TomCat 5 - jwsdp-1.4" Watch "FORM authentication with TomCat 5 - jwsdp-1.4" New topic

FORM authentication with TomCat 5 - jwsdp-1.4

Laurent Salse

Joined: Nov 07, 2004
Posts: 14
Dear all,

I'm just finished with my little apps (4 jsp and 3 servlets !) and I am trying to implement a simple authentication procedure ...

I decided to try a "standard" FORM authentication since it is depicted as a very mere job !

The problem is that whatever I put in my DD web.xml, the server let me access to my JSP and Servlets w/o any request for authentication.

In order to test the server I tried the autentication example from TomCat (/jsp-example/security/protected/) and it works fine ; I guess that the configuration file server.xml is correct.

Herebelow is my DD web.xml and my tomcat-users.xml.

Thanks for any hints from anywhere that could help me find what I've missed

web.xml :
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns = ""

<servlet-name>Select Ordres</servlet-name>
<servlet-name>Select Ordres</servlet-name>
<servlet-name>MaJ DataBase</servlet-name>
<servlet-name>MaJ DataBase</servlet-name>
<servlet-name>Selection Ordres</servlet-name>
<servlet-name>Selection Ordres</servlet-name>
<servlet-name>Statut Ordres</servlet-name>
<servlet-name>Statut Ordres</servlet-name>
<display-name>Tomcat Server Configuration Security Constraint</display-name>

<!-- Default login configuration uses form-based authentication -->
<realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>

tomcat-users.xml :
==========================================================================<?xml version='1.0' encoding='utf-8'?>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin" description="Administration Tool users"/>
<role rolename="guest" description="affichage seulement"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="role1" fullName="role guest pour l'affichage"/>
<user username="lsalse" password="lsalse" fullName="Laurent SALSE" roles="admin,manager"/>
I agree. Here's the link:
subject: FORM authentication with TomCat 5 - jwsdp-1.4
It's not a secret anymore!