• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

action="j_security_check"

 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I am trying to practice about security. In Form based authentication on action="j_security_check" I get

The requested resource (/Form_auth_method/j_security_check) is not available.

Isn't the target j_security_check provided by the application server?

and I created a user, a password with an existing role in tomcat-users.xml .I it necessary to create the user in tomcat-users.xml?
Is there the necessity to configure the security-role on DD?I suppose i miss something...
Stefania
 
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Stefania,

Do you have a <security-constraint> in your web.xml? You can secure a Servlet with a <auth-constraint> using the role you used in your tomcat-users.xml.
Like:


and I created a user, a password with an existing role in tomcat-users.xml .I it necessary to create the user in tomcat-users.xml?


Yes, you need a user and role in the tomcat-users.xml

Is there the necessity to configure the security-role on DD?


Yes, you also need that (and you will use that role in the security-constraints <auth-constraint>)

Regards,
Frits
 
stefania ferrarelli
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Fritz,
thanks to your suggestion I wrote a <security-constraint>

on tomcat-users.xml I have more users with the role 'role1'

and despite writing on web.xml:



I can access to protected-page.jsp only using username=role1 or username=both, using other usernames and passwords I get the error.jsp..I created a new role consultant on tomcat-users.xml, added the security-role and the role-name, but couldn't access the same the protected-page.jsp, I don't know why...
Thanks
Stefania

 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Stefania,

It looks like the tomcat-users file you are changing is not the one for your web-application.

Are you using Eclipse with integrated tomcat server? If so, you should look for the tomcat-users.xml file in your server-definition.

Regards,
Frits
 
stefania ferrarelli
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Fritz,
you were right, I mixed up the tomcat-users.xml but now I added a new role to the right tomcat embeded into netbeans- old version 5.5.1- but it still doesn't work. It still works only for users with role="role1" that was already defined. Can I add rolenames to tomcat-users.xml?I also cannot understand why rolenames are not defined in tomcat but for example role1 works.

Shouldn't it be mandatory to define the rolenames for roles tomcat or role1 ?
Moreover on another IDE- netbeans 6.9.1 -I always get the the error page despite making the same configuration, working on 5.5.1 IDE.
No idea why...
Thank you once more
Stefania
 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Stefania,

I haven't worked with NetBeans before, but I downloaded it and tried your setup on the newest NetBeans version. I got it working and I made a document with screenshots of how I did it.

Have a look at my setup:
Instruction Security NetBeans

(if you can't download the doc I am willing to email it)
Regards,
Frits
 
stefania ferrarelli
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Fritz,
I downloaded your document and I'll follow your instructions(next reply).
Thank you for your help, sometimes I think this exam is a neverending one, but this forum encourages me to continue with the next chapter...
Stefania
 
stefania ferrarelli
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Frits,
I followed the document step by step - do you think it is better not to write web.xml by hand?- and now on Netbeans 6.9.1 project SecurityExample I think to have the right configuration; I had a comment wrapping role entries -I didn't notice before, now I removed it but I get the error page regardless of the username and password I enter.Just for check I send the web.xml


and tomcat-users.xml


I think there is no apparent reason for this problem.I have two tomcat versions but on the IDE I use tomcat 6.0.26.
I'll try on the old 5.5.1 version IDE.
Thank you very much for your clear document.
Stefania

 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Stefania,

I followed the document step by step - do you think it is better not to write web.xml by hand?


No, it is better to write the web.xml by hand and it is also better to create your .war file by hand. That way you know it should be done in the world without IDE's (have a look at the following topic War by hand)

I verified your settings with mine and they are exactly the same. The only difference is the version of tomcat (5.5 vs 6.0). Have a look if that was the problem, otherwise try to follow the War by hand instruction and deploy it on the tomcat5.5 server. This should work

Just to be sure it is not the problem of the URL: what is the URL you are typing in? You are getting to the login.jsp, right?

Regards,
Frits
 
stefania ferrarelli
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Frits,
at last I solved the mistery of the lost security!Unfortunatly it was not a true mistery, only the sum of my mistakes.I changed tomcat-users.xml once on catalina base once on catalina home, moreover on catalina base I had another comment wrapping role entries.Now I made all the changes on catalina base and everything works on both IDE versions.On the subject of these two system properties, I have only catalina_home between my environment variables, shouldn't I make a variable catalina_base?
Morever, is it right this definition I found on the web?
"The presence of those two properties is required only when you want to use multiple instances of Tomcat without having to install the software multiple times, and not wasting disk space.
The first properties (catalina.home) points to the location of the common information, while the other property (catalina.base) points to the directory where all the instance specific information are held."
If I'm using only one instance of tomcat inside the IDE, why changes on catalina_home didn't work?Why Netbeans IDE looks into the base directory by default?
Probably I'm still mixing it up???
Thanks
Ciao
Stefania

 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3412
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Stefania,

at last I solved the mistery of the lost security!


Congratulations

I have only catalina_home between my environment variables, shouldn't I make a variable catalina_base?


I have never used the variable catalina_base so I can't advise you here...

Anyway, problem solved!

Regards,
Frits

 
Shiny ad:
We need your help - Coderanch server fundraiser
https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
reply
    Bookmark Topic Watch Topic
  • New Topic