tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcel Jansen" <gromm...@languagewise.com>
Subject [TC4b5] SingleSignOn works with Basic Auth but not Forms
Date Wed, 20 Jun 2001 12:48:56 GMT
Hi

I'm running the Tomcat 4.0b5 build and am keen to use the
SingleSingOn feature. When I configure the web.xml files
to use basic authentication everything's fine but when using
Forms based authentication it will insist on authenticating every
web application.

Also, after authentication with a form
I always see http://.../j_security_check
as the URL instead of the protected URL.

I'm using a very sime servlet to authenticate (I see the same
behaviour with an HTML based example I tried):

public class Login extends HttpServlet {

    public void doGet (HttpServletRequest request, HttpServletResponse
response) {

        try

            PrintWriter out = response.getWriter();
            out.print("<html>\r\n<body>\r\n<h1>Login page for
Websign</h1>\r\n\r\n<form method=\"POST\" action=\"j_security_check\" >\r\n
<input type=\"text\" name=\"j_username\"> \r\n <input type=\"password\"
name=\"j_password\"> \r\n \r\n <input type=\"submit\"
name=\"j_security_check\">\r\n</form>\r\n\r\n</body>\r\n</html>\r\n");
            out.flush();
        }
        catch (Exception ex) {
            ex.printStackTrace();
        }

    }
}

The web.xml files look like:

    <security-constraint>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
	 <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/servlet/Admin</url-pattern>
	 <!-- If you list http methods, only those methods are protected -->
	 <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
	 <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Use this for BASIC authentication -->

        <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example Basic Authentication Area</realm-name>
    </login-config>


    <!-- Use this for forms based authentication -->
    <!--
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/servlet/Login</form-login-page>
        <form-error-page>error.html</form-error-page>
      </form-login-config>
    </login-config>
    -->

Have I configured my forms login badly? Has anybody had this
working with a non-jsp authentications form?





Mime
View raw message