tomcat-users mailing list archives

From John Tangney <jtang...@knowledgeplanet.com>
Subject Re: HTTP BASIC Authentication
Date Thu, 04 May 2000 16:59:42 GMT
I changed the authentication to form based, and the same thing happens.

I also moved the index.jsp file from
$TOMCAT_HOME/webapps/examples/jsp/security/protected/ to
$TOMCAT_HOME/webapps/examples (the directory that I get to after logging in)
and the jsp works correctly, showing the principal name, etc.

So I am now convinced that this is a BUG, whereby the login process causes
the root of the web app to be returned, rather than the page mentioned in
the original request. I am going to enter this whole message into the
bugbase at http://jakarta.apache.org/bugs - just as soon as I can get access
to it :-(

In case anyone is interested, a log of the transaction as captured by iCab
is appended at the end of this message. It clearly shows the http request
for examples/jsp/security/protected/

--johnt

On 5/3/00 4:00 PM, John Tangney at jtangney@knowledgeplanet.com wrote:

> Hi
> 
> The README says 
>> 5.2 Container Managed Security
>> 
>> Tomcat 3.1 has an experimental implementation of container managed security,
>> as described in the Servlet API Specification, version 2.2, section 11.
>> Please
>> note the following information about this implementation:
>> 
>> - BASIC authentication appears to work correctly, but has not been
>> extensively tested.  Please report any bugs you encounter here
>> at <http://jakarta.apache.org/bugs>.  The example application has
>> a protected area defined at the following URL:
>> 
>> http://localhost:8080/examples/jsp/security/protected
>> 
>> which can be accessed by any user defined in the configuration file
>> $TOMCAT_HOME/conf/tomcat-users.xml that has been granted the
>> appropriate roles.
> 
> When I go to that url, my client makes me log in, so I use user='tomcat',
> p/w='tomcat' as seen in the tomcat-users.xml file. So far so good.
> 
> But then I see a directory listing - apparently the contents of the
> /examples directory. I was expecting to see
> /examples/jsp/security/protected/index.jsp, which has something quite
> different.
> 
> I see the same directory listing whether my client browser is running on the
> same host as the server or different machines. This is an 'out the box'
> install of tomcat on solaris using jdk1.2.2.
> 
> What's going on here? Is there some secret redirection going on? Am I just
> misunderstanding what the http BASIC authentication is doing? Or is this a
> bug?
> 
> Help!
> --johnt


***

Thread #1 (5/4/00, 9:50 AM):

Connecting to base.kuis.com  Port: 8080
GET /examples/jsp/security/protected HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/xbm,
image/png, */*
Host: base.kuis.com:8080
User-Agent: iCab/Pre1.9 (Macintosh; I; PPC)
If-Modified-Since: Thu, 4 May 2000 16:09:23 GMT
 
 

Thread #1 (5/4/00, 9:50 AM):

Response: 401
Date: Thu, 04 May 2000 16:49:39 GMT
Servlet-Engine: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.2.2;
SunOS 5.6 sparc; java.vendor=Sun Microsystems Inc.)
Content-Language: en
WWW-Authenticate: Basic realm="Example Basic Authentication Area"
Content-Type: text/plain
Status: 401
 

Thread #1 (5/4/00, 9:50 AM):

Connecting to base.kuis.com  Port: 8080
GET /examples/jsp/security/protected HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/xbm,
image/png, */*
Authorization: Basic dG9tY2F0OnRvbWNhdA==
Host: base.kuis.com:8080
User-Agent: iCab/Pre1.9 (Macintosh; I; PPC)
If-Modified-Since: Thu, 4 May 2000 16:09:23 GMT
 
 

Thread #1 (5/4/00, 9:50 AM):

Response: 302
Content-Length: 191
Date: Thu, 04 May 2000 16:49:46 GMT
Servlet-Engine: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.2.2;
SunOS 5.6 sparc; java.vendor=Sun Microsystems Inc.)
Content-Language: en
Content-Type: text/html
Status: 302
Location: http://base.kuis.com:8080/examples/jsp/security/protected/
 

Thread #1 (5/4/00, 9:50 AM):

Connecting to base.kuis.com  Port: 8080
GET /examples/jsp/security/protected/ HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/xbm,
image/png, */*
Authorization: Basic dG9tY2F0OnRvbWNhdA==
Host: base.kuis.com:8080
Referer: 
http://tomcat:tomcat@base.kuis.com:8080/examples/jsp/security/protected
User-Agent: iCab/Pre1.9 (Macintosh; I; PPC)
If-Modified-Since: Thu, 4 May 2000 16:31:14 GMT
 
 

Thread #1 (5/4/00, 9:50 AM):

Response: 200
Content-Length: 916
Date: Thu, 04 May 2000 16:49:46 GMT
Servlet-Engine: Tomcat Web Server/3.1 (JSP 1.1; Servlet 2.2; Java 1.2.2;
SunOS 5.6 sparc; java.vendor=Sun Microsystems Inc.)
Content-Language: en
Content-Type: text/plain
Status: 200
Last-Modified: Thu, 04 May 2000 16:31:14 GMT
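
Added example, not part of the original message: a Python check over the third request in the log above. It shows that the `Authorization: Basic` value is only base64 of `user:password`, and that the `Referer` URL repeats the same credentials in clear text. The sample request is constructed from that log, with the wrapped `Referer` line joined, and the function names are this example's own.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample: headers modelled on the third request in the iCab log,
# with the wrapped Referer line joined back onto one line.
SAMPLE_REQUEST = """\
GET /examples/jsp/security/protected/ HTTP/1.0
Authorization: Basic dG9tY2F0OnRvbWNhdA==
Host: base.kuis.com:8080
Referer: http://tomcat:tomcat@base.kuis.com:8080/examples/jsp/security/protected
User-Agent: iCab/Pre1.9 (Macintosh; I; PPC)
"""

def parse_request(text):
    """Split a raw request into (method, path, headers with lowercase names)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def decode_basic(header_value):
    """Return (user, password) from a Basic Authorization value, else None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def audit_request(text):
    """List the headers of one request from which credentials are recoverable."""
    _method, _path, headers = parse_request(text)
    findings = []
    creds = decode_basic(headers.get("authorization", ""))
    if creds:
        findings.append(("authorization", creds[0], creds[1]))
    ref = urlsplit(headers.get("referer", ""))
    if ref.username is not None:  # user:password@ embedded in the URL
        findings.append(("referer", ref.username, ref.password or ""))
    return findings

if __name__ == "__main__":
    for where, user, _pw in audit_request(SAMPLE_REQUEST):
        print(f"credentials recoverable from {where} header (user={user!r})")
```

Both findings come from a plain HTTP connection on port 8080, so anything that records or relays these headers holds the password.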
 

