Java Application

Discussion in 'Java' started by Scott, Feb 25, 2013.

  1. Scott

    Scott Guest

    I am trying to create a web application called hotdotcom. It is an example from Hall’s Core Servlets and JavaServer Pages Volume 2: Advanced Technologies - Second Edition. It is found in Chapter 3: Declarative Security – 3.1 Form-Based Authentication.

    The web application uses container-managed security: Form-based. The web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a protected URL I receive the login form just fine, but when I fill it out I am always sent to my login-error.jsp page. I have added four users to Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)

    I receive the following statement in the Tomcat log:
    2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
    2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
    2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
    EmbededTomcat: Startup time 56
    2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.SecureRandom
    2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

    web.xml
    <?xml version="1.0" encoding="ISO-8859-1"?>

    <!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

    <web-app>

    <!-- Disable the invoker servlet -->
    <servlet>
    <servlet-name>NoInvoker</servlet-name>
    <servlet-class>coreservlets.NoInvokerServlet</servlet-class>
    </servlet>

    <servlet-mapping>
    <servlet-name>NoInvoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
    </servlet-mapping>

    <!-- If the URL (submitted by the client) gives a directory but no filename, try index.jsp first and
    index.html second. If neither is found, the result is server specific (e.g., a directory listing). -->
    <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <!-- Protect everything within the "investing" directory -->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Investing</web-resource-name>
    <url-pattern>/investing/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    <role-name>registered-user</role-name>
    <role-name>administrator</role-name>
    </auth-constraint>
    </security-constraint>

    <!-- Tell the server to use form-based authentication -->
    <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
    <form-login-page>/admin/login.jsp</form-login-page>
    <form-error-page>/admin/login-error.jsp</form-error-page>
    </form-login-config>
    </login-config>

    <!-- Declare security roles used in this application.-->
    <security-role>
    <role-name>administrator</role-name>
    </security-role>
    <security-role>
    <role-name>registered-user</role-name>
    </security-role>

    </web-app>

    tomcat-users.xml
    <tomcat-users>

    <!-- 2/4/2013 SDU Added on 2/4/2013 -->
    <role rolename="registered-user" />
    <role rolename="administrator" />

    <user name="john" password="nhoj" roles="registered-user" />
    <user name="jane" password="enaj" roles="registered-user" />
    <user name="juan" password="nauj" roles="administrator" />
    <user name="juana" password="anauj" roles="administrator,registered-user" />

    <!-- Original contents of tomcat-users.xml-->

    <user name="tomcat" password="tomcat" roles="tomcat" />
    <user name="role1" password="tomcat" roles="role1" />
    <user name="both" password="tomcat" roles="tomcat,role1" />
    </tomcat-users>
    Scott, Feb 25, 2013
    #1

  2. Arne Vajhøj

    Arne Vajhøj Guest

    On 2/25/2013 11:49 AM, Scott wrote:
    > I am trying to create a web application called hotdotcom. It is an
    > example from Hall’s Core Servlets and JavaServer Pages Volume 2:
    > Advanced Technologies - Second Edition. It is found in Chapter 3:
    > Declarative Security – 3.1 Form-Based Authentication.
    >
    > The web application uses container-managed security: Form-based. The
    > web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a
    > protected URL I receive the login form just fine, but when I fill it out
    > I am always sent to my login-error.jsp page. I have added four users to
    > Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)
    >
    > I receive the following statement in the Tomcat log:
    > 2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
    > 2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
    > 2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
    > EmbededTomcat: Startup time 56
    > 2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.SecureRandom
    > 2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session


    You should have a lot more log in the two log files produced by Tomcat.

    > tomcat-users.xml
    > <tomcat-users>
    >
    > <!-- 2/4/2013 SDU Added on 2/4/2013 -->
    > <role rolename="registered-user" />
    > <role rolename="administrator" />
    >
    > <user name="john" password="nhoj" roles="registered-user" />
    > <user name="jane" password="enaj" roles="registered-user" />
    > <user name="juan" password="nauj" roles="administrator" />
    > <user name="juana" password="anauj" roles="administrator,registered-user" />
    >
    > <!-- Original contents of tomcat-users.xml-->
    >
    > <user name="tomcat" password="tomcat" roles="tomcat" />
    > <user name="role1" password="tomcat" roles="role1" />
    > <user name="both" password="tomcat" roles="tomcat,role1" />
    > </tomcat-users>


    I am wondering whether the reference to two not defined
    roles may cause problems.

    Could you try to fix that?

    Arne
    Arne Vajhøj, Feb 26, 2013
    #2
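
Added example, not part of either post: a Python cross-check of role names between the two posted files, covering the mismatch raised in the reply (roles listed on a `<user>` with no `<role>` element) and roles that a constraint requires but that are undeclared or held by nobody. The samples are trimmed copies of the posted files, and `audit_roles` and its report keys are names chosen here.

```python
import xml.etree.ElementTree as ET

# Constructed samples: trimmed copies of the web.xml and tomcat-users.xml in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Investing</web-resource-name>
      <url-pattern>/investing/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>registered-user</role-name>
      <role-name>administrator</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>administrator</role-name></security-role>
  <security-role><role-name>registered-user</role-name></security-role>
</web-app>"""

USERS_XML = """<tomcat-users>
  <role rolename="registered-user" />
  <role rolename="administrator" />
  <user name="john" password="nhoj" roles="registered-user" />
  <user name="juana" password="anauj" roles="administrator,registered-user" />
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>"""

def audit_roles(web_xml, users_xml):
    """Hypothetical helper: report role names that do not line up across the two files."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    constrained = {e.text.strip() for e in web.findall("security-constraint/auth-constraint/role-name")}
    declared = {e.text.strip() for e in web.findall("security-role/role-name")}
    role_elements = {r.get("rolename") for r in users.findall("role")}
    holders = {}  # role name -> users that list it in their roles attribute
    for user in users.findall("user"):
        for role in filter(None, (r.strip() for r in user.get("roles", "").split(","))):
            holders.setdefault(role, []).append(user.get("name"))
    return {
        # used in an <auth-constraint> but missing a <security-role> declaration
        "constraint_roles_undeclared": sorted(constrained - declared),
        # required by a constraint but held by no user, so nobody can pass it
        "constraint_roles_unassigned": sorted(constrained - set(holders)),
        # listed on a <user> but with no matching <role> element
        "user_roles_without_role_element": {r: sorted(holders[r]) for r in sorted(set(holders) - role_elements)},
    }

if __name__ == "__main__":
    for finding, value in audit_roles(WEB_XML, USERS_XML).items():
        print(f"{finding}: {value}")
```
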
