• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

Form Based Authentication

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have been trying to use form based authentication without much success. I have a simple web application that gives access to some resources. I start with a login page and from this page I want to forward authorized users to the resources (web page). After configuring the web.xml file, how exactly do I state which page to forward to after a successful login?

I have read quite a bit of stuff about using j_security_check, but nothing tells me how to specify where to go after a user has logged in successgully.

Anyone wiht some light?
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You don't specify that directly. You access the page, and -upon seeing that is protected- the server will redirect to the login page, and upon suscessful login, back to the page that was first requested. So the first page to access isn't the login page, it's the main content-bearing page.
 
Princeton Ebanks
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks, I suspected it would be so. Now, I get the first part. I have renamed made my main content page (index.jsp) and now indeed the server redirects to the login page (loginForm.jsp). I however do not go back to the original page requested when I type in my username and password correctly. I get the error page.

I am using a java db database as my credentials source. I think I have configured my server.xml file properly. The code below shows the relevant section from 'server.xml'

<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99"
driverName = "org.apache.derby.jdbc.ClientDriver"
connectionURL="jdbc:derby://localhost:1527/OfficeAppsDB"
connectioinName="admin"
connectionPassword="Passw0rd"
userTable="users"
userNameCol="username"
userCredCol="userpassword"
userRoleTable="user_roles"
roleNameCol="rolename"
/>


Is there anything I am missing out?
 
Princeton Ebanks
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Apart from the obvious spelling error in the realm definition, the issue was two-fold.

The realm had to be defined in a separate file, not the 'server.xml' file. Apache uses this file to define its own realm used to allow users to actually start the server. For your own application, you must define your realm in the 'context.xml' file of the application (in NetBeans). This may be <application_name>.xml for other IDEs (perhaps Eclipse).

Also, the jar file for the database to be used for authentication had to be placed in the apache tomcat lib folder. This doesn't sound very scalable, but understandable if you are using a custom database for your credentials data source. Using LDAP would be handy, wouldnt it?

One small problem: the permission granted is somehow tied to the browser. I had another browser window (tab) open before launcing my application. After closing my tab and relaunching, I went straight to the 'protected' page.

How do I limit the authentication to the session and NOT the application?
[ March 28, 2008: Message edited by: Princeton Ebanks ]
 
when your children are suffering from your punishment, tell your them it will help them write good poetry when they are older. Like this tiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic