Java Application


Scott

I am trying to create a web application called hotdotcom. It is an example from Hall’s Core Servlets and JavaServer Pages Volume 2: Advanced Technologies - Second Edition. It is found in Chapter 3: Declarative Security – 3.1 Form-Based Authentication.

The web application uses container-managed security: Form-based. The web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a protected URL I receive the login form just fine, but when I fill it out I am always sent to my login-error.jsp page. I have added four users to Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)

I receive the following statement in the Tomcat log:
2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
EmbededTomcat: Startup time 56
2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.SecureRandom
2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

  <!-- Disable the invoker servlet -->
  <servlet>
    <servlet-name>NoInvoker</servlet-name>
    <servlet-class>coreservlets.NoInvokerServlet</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>NoInvoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>

  <!-- If the URL (submitted by the client) gives a directory but no filename, try index.jsp first and
       index.html second. If neither is found, the result is server specific (e.g., a directory listing). -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <!-- Protect everything within the "investing" directory -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Investing</web-resource-name>
      <url-pattern>/investing/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>registered-user</role-name>
      <role-name>administrator</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Tell the server to use form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/admin/login.jsp</form-login-page>
      <form-error-page>/admin/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Declare security roles used in this application. -->
  <security-role>
    <role-name>administrator</role-name>
  </security-role>
  <security-role>
    <role-name>registered-user</role-name>
  </security-role>

</web-app>

tomcat-users.xml
<tomcat-users>

  <!-- 2/4/2013 SDU Added on 2/4/2013 -->
  <role rolename="registered-user" />
  <role rolename="administrator" />

  <user name="john" password="nhoj" roles="registered-user" />
  <user name="jane" password="enaj" roles="registered-user" />
  <user name="juan" password="nauj" roles="administrator" />
  <user name="juana" password="anauj" roles="administrator,registered-user" />

  <!-- Original contents of tomcat-users.xml -->

  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>
 

Arne Vajhøj

I am trying to create a web application called hotdotcom. It is an
example from Hall’s Core Servlets and JavaServer Pages Volume 2:
Advanced Technologies - Second Edition. It is found in Chapter 3:
Declarative Security – 3.1 Form-Based Authentication.

The web application uses container-managed security: Form-based. The
web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a
protected URL I receive the login form just fine, but when I fill it out
I am always sent to my login-error.jsp page. I have added four users to
Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)

I receive the following statement in the Tomcat log:
2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
EmbededTomcat: Startup time 56
2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.SecureRandom
2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

You should have a lot more log in the two log files produced by Tomcat.
tomcat-users.xml
<tomcat-users>

  <!-- 2/4/2013 SDU Added on 2/4/2013 -->
  <role rolename="registered-user" />
  <role rolename="administrator" />

  <user name="john" password="nhoj" roles="registered-user" />
  <user name="jane" password="enaj" roles="registered-user" />
  <user name="juan" password="nauj" roles="administrator" />
  <user name="juana" password="anauj" roles="administrator,registered-user" />

  <!-- Original contents of tomcat-users.xml -->

  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>

I am wondering whether the reference to two not defined
roles may cause problems.

Could you try to fix that?

Arne
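
The role cross-check suggested in the reply above can be scripted; the following is an added example, not code from either poster or from Tomcat. The function name `check_roles` and the report keys are hypothetical, the two inputs are trimmed copies of the posted files with passwords replaced by a placeholder, and the script only reports mismatches without establishing whether they cause the login failure.

```python
import xml.etree.ElementTree as ET

# Trimmed copies of the two files posted in the thread (DOCTYPE, servlet and
# login-config entries omitted; passwords replaced with the placeholder "x").
TOMCAT_USERS = """
<tomcat-users>
  <role rolename="registered-user" />
  <role rolename="administrator" />
  <user name="john" password="x" roles="registered-user" />
  <user name="jane" password="x" roles="registered-user" />
  <user name="juan" password="x" roles="administrator" />
  <user name="juana" password="x" roles="administrator,registered-user" />
  <user name="tomcat" password="x" roles="tomcat" />
  <user name="role1" password="x" roles="role1" />
  <user name="both" password="x" roles="tomcat,role1" />
</tomcat-users>
"""

WEB_XML = """
<web-app>
  <security-constraint>
    <auth-constraint>
      <role-name>registered-user</role-name>
      <role-name>administrator</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role><role-name>administrator</role-name></security-role>
  <security-role><role-name>registered-user</role-name></security-role>
</web-app>
"""

def check_roles(users_xml, web_xml):
    """Cross-check role names between tomcat-users.xml and web.xml."""
    users = ET.fromstring(users_xml)
    web = ET.fromstring(web_xml)
    declared = {r.get("rolename") for r in users.iter("role")}
    held = {}  # user name -> roles parsed from the roles="a,b" attribute
    for u in users.iter("user"):
        roles = u.get("roles", "").split(",")
        held[u.get("name")] = {r.strip() for r in roles if r.strip()}
    used = set().union(*held.values())
    required = {e.text.strip() for e in web.findall(".//auth-constraint/role-name")}
    app_roles = {e.text.strip() for e in web.findall("security-role/role-name")}
    return {
        "used_but_undeclared": sorted(used - declared),       # no <role> element
        "required_but_undeclared": sorted(required - app_roles),  # no <security-role>
        "required_but_unheld": sorted(required - used),       # nobody can log in
        "users_allowed": sorted(n for n, r in held.items() if r & required),
    }
```

On the posted files, the only mismatch it reports is that `role1` and `tomcat` are used by the original sample users without a matching `<role>` element.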
 
