tomcat-users mailing list archives

From Johan Peeters <johan.peet...@alcatel.be>
Subject Re: <security-constraint> issue
Date Tue, 15 Aug 2000 21:03:13 GMT
I think the problem is with release 3.1 - try moving up to 3.2.


Yo



Chris Bush wrote:

> Hello, I am running Tomcat 3.1 on a RedHat Linux 6.1 system, as well
> as on a (gasp) Windows 2000 system.  The problem I am having is not
> unique to either system.  I was attempting to set up a security
> constraint in my web app, and using the Tomcat example as a reference
> - i.e. http://localhost:8080/examples/jsp/security/protected. This
> example's <security-constraint> and <login-config> sections are
> configured by default as part of the Tomcat installation, in the
> web.xml file for the examples context, as follows...
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/jsp/security/protected/*</url-pattern>
>          <!-- If you list http methods, only those methods are protected -->
>          <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>          <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>tomcat</role-name>
>          <role-name>role1</role-name>
>       </auth-constraint>
>     </security-constraint>
>
>     <!-- Default login configuration uses BASIC authentication -->
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>Example Basic Authentication Area</realm-name>
>     </login-config>
>
>     <!-- If you want to experiment with form-based logins, comment
>          out the <login-config> element above and replace it with
>          this one.  Note that we are currently using a nonstandard
>          authentication method, because the code to support form
>          based login is incomplete and only lightly tested.  -->
>     <!--
>     <login-config>
>       <auth-method>EXPERIMENTAL_FORM</auth-method>
>       <realm-name>Example Form-Based Authentication Area</realm-name>
>       <form-login-config>
>         <form-login-page>/jsp/security/login/login.jsp</form-login-page>
>         <form-error-page>/jsp/security/login/error.jsp</form-error-page>
>       </form-login-config>
>     </login-config>
>     -->
>
> My problem is this - After authenticating to the BASIC
> authentication request, instead of delivering the index.jsp page in
> /examples/jsp/security/protected, it delivers me to the root directory
> of the examples context.  This happens regardless of which platform I
> run the example on.  I configured a security-constraint section in the
> web.xml file for a custom context I added to my server, as
> follows...
>
>     <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>Protected Area</web-resource-name>
>          <!-- Define the context-relative URL(s) to be protected -->
>          <url-pattern>/secure/*</url-pattern>
>          <!-- If you list http methods, only those methods are protected -->
>          <http-method>DELETE</http-method>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>          <http-method>PUT</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <!-- Anyone with one of the listed roles may access this area -->
>          <role-name>admin</role-name>
>       </auth-constraint>
>     </security-constraint>
>
> with the same exact login-config section as
> the above example, and had the same problem.  Note that the only
> difference in the <security-constraint> section is the <url-pattern>
> specified.  Is there something that should go in the
> <web-resource-collection> besides the <url-pattern> to prevent this
> "re-mapping" back to the application's root directory?
>
> Thanks in advance for any insight provided...
>
> Chris Bush

--
Johan Peeters mailto:johan.peeters@alcatel.be
Software Architect - Net Commerce
Alcatel - Gen. De Wittelaan 11 A bus 1 - 2800 Mechelen - Belgium
Phone: +32 15 29 3427 Fax: +32 3 240 4800