tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexandros Kotsiras" <kotsi...@mediaondemand.com>
Subject RE: JDBCRealm question
Date Fri, 21 Jul 2000 17:50:33 GMT
Great !!!
It works now.
Thanks a lot Ignacio.
The JDBCRealm.howto though is using the tomcatRole, otherRole whereas the
default values in the web.xml are tomcat, other
and the JDBCRealm.howto does not mention that those values should match ..
so this point can easily be missed.

Another 2 simple questions and then i will leave you in peace :

1. After i login is there any session expiration mechanism that will
invalidate me and force me to relogin
if i take a break for example for an hour and come back ? or i will always
be "valid" until i close the browser ??

2. Is it possible to use JDBCRealm with Apache on port 80  ?? (Probably no i
guess)

-----Original Message-----
From: Nacho [mailto:nacho@siapi.es]
Sent: Friday, July 21, 2000 1:21 PM
To: 'tomcat-user@jakarta.apache.org'
Subject: RE: JDBCRealm question


Hola Alexander:

You do not have any of the roles stored for the users in the database,
authorized so the tomcat & JDBCRealm unauthorized response seems to be
correct.

You need to put your "tomcatRole,otherRole,...." in the
<auth-constraint> section of your web.xml file, as the roles with
permited acces to this web-resource collection.


Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: Alexandros Kotsiras [mailto:kotsiras@mediaondemand.com]
> Enviado el: viernes 21 de julio de 2000 19:00
> Para: tomcat-user@jakarta.apache.org
> Asunto: RE: JDBCRealm question
>
>
> I don't think i modified the web.xml of my context.
> Anyway,  i appreciate you interest
>
>
> <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
> 	 <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/jsp/protected/*</url-pattern>
> 	 <!-- If you list http methods, only those methods are
> protected -->
> 	 <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
> 	 <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access
> this area -->
>          <role-name>tomcat</role-name>
> 	 <role-name>role1</role-name>
>       </auth-constraint>
>     </security-constraint>
>
>     <!-- Default login configuration uses BASIC authentication -->
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>Example Basic Authentication Area</realm-name>
>     </login-config>
>
>     <!-- If you want to experiment with form-based logins, comment
>          out the <login-config> element above and replace it with
>          this one.  Note that we are currently using a nonstandard
>          authentication method, because the code to support form
>          based login is incomplete and only lightly tested.  -->
>     <!--
>     <login-config>
>       <auth-method>EXPERIMENTAL_FORM</auth-method>
>       <realm-name>Example Form-Based Authentication Area</realm-name>
>       <form-login-config>
>
> <form-login-page>/jsp/security/login/login.jsp</form-login-page>
>
> <form-error-page>/jsp/security/login/error.jsp</form-error-page>
>       </form-login-config>
>     </login-config>
>
> -----Original Message-----
> From: Nacho [mailto:nacho@siapi.es]
> Sent: Friday, July 21, 2000 11:45 AM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: JDBCRealm question
>
>
> > Maybe it's something silly i am missing.....
>
> For now your context's web.xml to have a look over your protection
> config. :-))
>
> Saludos ,
> Ignacio J. Ortega
>


Mime
View raw message