Problem with secure connection and Form Based Authentication

 
Ranch Hand
Posts: 1026


Firefox can't establish a connection to the server at localhost:8443.



Message that I am getting when I try to establish a secure connection with
Form based authentication

Here is my code



Scenario-II

I am executing the application without the <user-data-constraint> element
in the web.xml file. The servlet which is referred to by ["Beer/AddRecipe/*"] has
both GET and POST method implementations. I don't understand why the GET
implementation is being invoked when I provide the correct username/password
in the custom login page.

Kindly guide me.

[ December 14, 2005: Message edited by: Vishnu Prakash ]
 
Rancher
Posts: 13459
Which servlet container are you using? Have you configured it to use SSL?
 
Vishnu Prakash
Ranch Hand
Posts: 1026
I am using Tomcat 5. I didn't configure it with SSL.

I would appreciate it if you could help me with a tutorial/link to start with SSL.
 
David O'Meara
Rancher
Posts: 13459
You need to configure SSL and enable SSL on port 8443 before you can use it. This happens in the <tomcat_home>/conf/server.xml file.

A good HOWTO is on the Tomcat site:
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
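
The connection failure on localhost:8443 in the first post is what a CONFIDENTIAL transport guarantee in web.xml produces when server.xml has no SSL connector on the redirect port. The following check is an added example, not part of the original posts and not Tomcat code; the XML samples are constructed, and the role name, keystore path and password are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed samples (not from the thread). Role name, keystore
# path and password are placeholders.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AddRecipe</web-resource-name>
      <url-pattern>/Beer/AddRecipe/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>member</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
HTTP_ONLY = """<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="8443"/>
</Service></Server>"""
WITH_SSL = HTTP_ONLY.replace("</Service>", """  <Connector port="8443"
    scheme="https" secure="true" sslProtocol="TLS" clientAuth="false"
    keystoreFile="conf/placeholder.keystore" keystorePass="PLACEHOLDER"/>
</Service>""")

def _named(root, name):
    # Match on the local tag name so namespaced web.xml files also work.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_transport(web_xml, server_xml):
    """Return a list of problems linking web.xml constraints to server.xml."""
    web, server = ET.fromstring(web_xml), ET.fromstring(server_xml)
    guarantees = {(e.text or "").strip() for e in _named(web, "transport-guarantee")}
    methods = {(e.text or "").strip() for e in _named(web, "auth-method")}
    connectors = _named(server, "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("scheme") == "https" and c.get("secure") == "true"}
    problems = []
    if guarantees & {"CONFIDENTIAL", "INTEGRAL"}:
        for c in connectors:
            if c.get("port") not in tls_ports and c.get("redirectPort") not in tls_ports:
                problems.append("connector %s redirects to port %s, but no SSL "
                                "connector listens there"
                                % (c.get("port"), c.get("redirectPort")))
    elif methods & {"FORM", "BASIC"}:
        problems.append("login uses %s without a CONFIDENTIAL transport guarantee, "
                        "so credentials can be sent over plain HTTP"
                        % "/".join(sorted(methods)))
    return problems
```

With `HTTP_ONLY` the check reports the dangling redirect to 8443; with `WITH_SSL` it reports nothing.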
 
Vishnu Prakash
Ranch Hand
Posts: 1026
Thanks David.
 
David O'Meara
Rancher
Posts: 13459
No problems, tell us how you go.
 
Vishnu Prakash
Ranch Hand
Posts: 1026


I am executing the application without <user-data-constraint> element
in web.xml file.



Request Header for a constrained Resource


POST /SecurityCheck/Beer/AddRecipe/* HTTP/1.1



Response Header for a constrained Resource


HTTP/1.x 200 OK



But the server is supposed to issue a 401 Unauthorized response here. This happens only when I use <auth-method> as FORM. I tried with BASIC, for which I received a 401 Unauthorized response.


The servlet which is referred to by ["Beer/AddRecipe/*"] has both GET and POST method implementations. I don't understand why the GET implementation is being invoked when I provide the correct username/password.



I found the answer for this.

Excerpt from w3.org


Note: However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless
of the original request method.

 
Vishnu Prakash
Ranch Hand
Posts: 1026


No problems, tell us how you go.



Not smooth.

After all those configuration changes in server.xml and creating my own certificate using keytool, I am able to switch from http to https.

I face two problems after the protocol transfer.

1. Since I had configured FORM based authentication, once the protocol switch has been made the server is supposed to send a 401 Unauthorized response, since the requested resource is a constrained resource which is configured in <security-constraint>. But this is not happening. The server directly serves the request. I tried even with <auth-method>BASIC</auth-method>. No use.

If this works fine then

2. How to switch back to http after the credentials are authenticated against the login user data configured in the server.[tomcat_users.xml]
 
Vishnu Prakash
Ranch Hand
Posts: 1026
Is there anyone who has worked in declarative security/Form based Authentication?

Can anyone point me to a good resource on this subject?
 