tomcat-users mailing list archives

From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Craig - BASIC Authentication
Date Wed, 11 Oct 2000 21:09:48 GMT
Tom Lager wrote:

> Hi Craig,
>
> Let's say that my context is called "secure" and I want everything
> in this context protected.  So the URL
> http://localhost:8080/secure/index.html
> would cause the form-based login to appear.
>

So you would propose to use a URL pattern like "/*" in your security constraint,
right?

>
> Now the problem is that the <form-login-page> and <form-error-page> attributes
> cannot reside within the secure context or an infinite loop of authentication
> will occur because you need to be authenticated before you can see these pages...
>

This should work fine in 4.0 because I put a bunch of special cases to take care
of it. I haven't tried it in 3.2.

What version are you testing with?

>
> So I tried to put these pages in the ROOT context by saying
>
>         <form-login-page>../login.jsp</form-login-page>
>         <form-error-page>../error.jsp</form-error-page>
>
> and then I successfully got the login form page to display... however, when I
> submitted the form Tomcat complained (standard output) saying
>
> No handler for request R( + j_security_check + null) 401
>
> so it seems that the pages used to display the login form cannot reside outside
> the context they are to protect... I'm using Tomcat 3.2b4.. do you have any
> solution for this other than putting it in the web.xml for ROOT and making
> /secure NOT a context??
>

Any attempt to go "above" the directory space of your web application using ".."
should fail, because such actions are disallowed.

>
> Thanks,
>
> Tom Lager
>

Craig

====================
See you at ApacheCon Europe <http://www.apachecon.com>!
Session VS01 (23-Oct 13h00-17h00):  Sun Technical Briefing
Session T06  (24-Oct 14h00-15h00):  Migrating Apache JServ
                                    Applications to Tomcat
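
The following added example (not part of the original message and not Tomcat's own code) models the two behaviours discussed in this thread: exempting the login page, error page and `j_security_check` from a "/*" constraint so that no authentication loop occurs, and rejecting any path that uses ".." to climb above the context root. The class name, the page paths and the assumption that the input is an already URL-decoded, context-relative path are illustrative.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Set;

public class FormLoginGate {
    enum Decision { ALLOW, SEND_TO_LOGIN, REJECT }

    // Hypothetical locations, both inside the protected context.
    static final String LOGIN_PAGE = "/login.jsp";
    static final String ERROR_PAGE = "/error.jsp";
    static final Set<String> EXEMPT =
            Set.of(LOGIN_PAGE, ERROR_PAGE, "/j_security_check");

    // Resolve "." and ".." segments. Returns null when the path would
    // climb above the context root. Assumes input is already URL-decoded.
    static String normalize(String path) {
        Deque<String> stack = new ArrayDeque<>();
        for (String seg : path.split("/")) {
            if (seg.isEmpty() || seg.equals(".")) continue;
            if (seg.equals("..")) {
                if (stack.isEmpty()) return null;   // escaped the context
                stack.removeLast();
            } else {
                stack.addLast(seg);
            }
        }
        return "/" + String.join("/", stack);
    }

    // Decision for a context where the security constraint covers "/*".
    static Decision decide(String requestedPath, boolean authenticated) {
        String path = normalize(requestedPath);
        if (path == null) return Decision.REJECT;          // e.g. "../login.jsp"
        // Compare only after normalizing, so "/login.jsp/../x" is not exempt.
        if (EXEMPT.contains(path)) return Decision.ALLOW;  // breaks the loop
        return authenticated ? Decision.ALLOW : Decision.SEND_TO_LOGIN;
    }

    public static void main(String[] args) {
        // Constructed sample requests, all unauthenticated.
        String[] samples = { "/index.html", "/login.jsp", "/j_security_check",
                             "../login.jsp", "/login.jsp/../index.html" };
        for (String p : samples) {
            System.out.println(p + " -> " + decide(p, false));
        }
    }
}
```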


