• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Security Constraints in Tomcat will not work! [SOLVED]

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm setting up basic security in my app so that the user has to enter a username/password to enter the site.

web.xml entry:



Entry in the tomcat-users.xml



So, it's set up to use the MemoryRealm.

The issue is that I do not get the pop up box requesting username/password. All I get is a 401 error security error....no error log entries, nothing.

Any ideas? Does the web-resource-name actually have to reference a name registered elsewhere in the web.xml? Clutching at straws here. If I go to the tomcat manager I get the popup requesting username/password entry and as far as I can see my entries in the web.xml and tomcat-users.xml are similar to those for the manager app

[ July 18, 2008: Message edited by: Adam Brundrett ]
[ July 22, 2008: Message edited by: Adam Brundrett ]
 
Adam Brundrett
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Eventually found the answer! I had an entry in the web.xml defining the error page for a 401 security exception. I guess the way the basic security works is that it effectively catches the initial security exception but rather than showing the error it first shows the pop-up for username/password entry.

However, it seems adding an entry as follows will override this flow of control and go straight to the error page defined:

 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for reporting your solution - I would never have thought of that!
Bill
 
Adam Brundrett
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
By the way...in addition to finding out why I was not getting the pop-up, I found out a solution if you need to leave the 401 error page declaration in your web.xml file for error handling in the overall project.

Basically, make your error page a jsp and add the following code to the top of the page:



Works just fine... ;)
 
reply
    Bookmark Topic Watch Topic
  • New Topic