aspose file tools*
The moose likes Tomcat and the fly likes FORM authentication with TomCat 5 - jwsdp-1.4 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "FORM authentication with TomCat 5 - jwsdp-1.4" Watch "FORM authentication with TomCat 5 - jwsdp-1.4" New topic
Author

FORM authentication with TomCat 5 - jwsdp-1.4

Laurent Salse
Greenhorn

Joined: Nov 07, 2004
Posts: 14
Dear all,

I'm just finished with my little apps (4 jsp and 3 servlets !) and I am trying to implement a simple authentication procedure ...

I decided to try a "standard" FORM authentication since it is depicted as a very mere job !

The problem is that whatever I put in my DD web.xml, the server let me access to my JSP and Servlets w/o any request for authentication.

In order to test the server I tried the autentication example from TomCat (/jsp-example/security/protected/) and it works fine ; I guess that the configuration file server.xml is correct.

Herebelow is my DD web.xml and my tomcat-users.xml.

Thanks for any hints from anywhere that could help me find what I've missed
Regards
Laurent

web.xml :
=============================
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns = "http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">

<servlet>
<servlet-name>Select Ordres</servlet-name>
<servlet-class>servlet.SelectOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Select Ordres</servlet-name>
<url-pattern>/SelectOrdres.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>MaJ DataBase</servlet-name>
<servlet-class>servlet.MajDataBase</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>MaJ DataBase</servlet-name>
<url-pattern>/MajDataBase.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Selection Ordres</servlet-name>
<servlet-class>servlet.SelectionOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Selection Ordres</servlet-name>
<url-pattern>/SelectionOrdres.do</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Statut Ordres</servlet-name>
<servlet-class>servlet.StatutOrdres</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Statut Ordres</servlet-name>
<url-pattern>/StatutOrdres.do</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Tomcat Server Configuration Security Constraint</display-name>
<web-ressource-collection>
<web-ressource-name>UpdateStatut</web-ressource-name>
<url-pattern>/*.jsp</url-pattern>
<url-pattern>/*.do</url-pattern>
<url-pattern>/*.html</url-pattern>
</web-ressource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Tomcat Server Configuration Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>manager</role-name>
</security-role>

tomcat-users.xml :
==========================================================================<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin" description="Administration Tool users"/>
<role rolename="guest" description="affichage seulement"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="role1" fullName="role guest pour l'affichage"/>
<user username="lsalse" password="lsalse" fullName="Laurent SALSE" roles="admin,manager"/>
</tomcat-users>
 
Don't get me started about those stupid light bulbs.
 
subject: FORM authentication with TomCat 5 - jwsdp-1.4