File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Security Constraints in Tomcat will not work! [SOLVED] Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Security Constraints in Tomcat will not work! [SOLVED]" Watch "Security Constraints in Tomcat will not work! [SOLVED]" New topic
Author

Security Constraints in Tomcat will not work! [SOLVED]

Adam Brundrett
Greenhorn

Joined: Jul 18, 2008
Posts: 14
I'm setting up basic security in my app so that the user has to enter a username/password to enter the site.

web.xml entry:



Entry in the tomcat-users.xml



So, it's set up to use the MemoryRealm.

The issue is that I do not get the pop up box requesting username/password. All I get is a 401 error security error....no error log entries, nothing.

Any ideas? Does the web-resource-name actually have to reference a name registered elsewhere in the web.xml? Clutching at straws here. If I go to the tomcat manager I get the popup requesting username/password entry and as far as I can see my entries in the web.xml and tomcat-users.xml are similar to those for the manager app

[ July 18, 2008: Message edited by: Adam Brundrett ]
[ July 22, 2008: Message edited by: Adam Brundrett ]
Adam Brundrett
Greenhorn

Joined: Jul 18, 2008
Posts: 14
Eventually found the answer! I had an entry in the web.xml defining the error page for a 401 security exception. I guess the way the basic security works is that it effectively catches the initial security exception but rather than showing the error it first shows the pop-up for username/password entry.

However, it seems adding an entry as follows will override this flow of control and go straight to the error page defined:

William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12785
    
    5
Thanks for reporting your solution - I would never have thought of that!
Bill
Adam Brundrett
Greenhorn

Joined: Jul 18, 2008
Posts: 14
By the way...in addition to finding out why I was not getting the pop-up, I found out a solution if you need to leave the 401 error page declaration in your web.xml file for error handling in the overall project.

Basically, make your error page a jsp and add the following code to the top of the page:



Works just fine... ;)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security Constraints in Tomcat will not work! [SOLVED]