tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nacho <na...@siapi.es>
Subject RE: JDBCRealm authenticating twice with applet
Date Sat, 21 Oct 2000 01:32:48 GMT
I you do not pass the Session cookie received by the authenticated
request to the applet and uses it as header on his connection, Tomcat
cannot  associate the second Connection (from applet) with the first
(from brower) so it considers the second connection as a different
connection and not cosiders it authorized by the first request.., only a
thought

Saludos ,
Ignacio J. Ortega


> -----Mensaje original-----
> De: raimee@ca.ibm.com [mailto:raimee@ca.ibm.com]
> Enviado el: viernes 20 de octubre de 2000 23:20
> Para: tomcat-user@jakarta.apache.org
> Asunto: JDBCRealm authenticating twice with applet
> 
> 
> 
> Win NT platform
> JDK1.2
> Tomcat 3.2b6
> DB2 EE v7.1
> 
> server.xml:
>      <RequestInterceptor
>          className="org.apache.tomcat.request.JDBCRealm"
>          debug="99"
>          driverName="COM.ibm.db2.jdbc.app.DB2Driver"
>          connectionURL="jdbc:db2:authDb"
>          userTable="users"
>          userNameCol="user_name"
>          userCredCol="user_pass"
>          userRoleTable="user_roles"
>          roleNameCol="role_name"
>          connectionName="userid"
>          connectionPassword="password"/>
> 
> 
> web.xml:
>  <security-constraint>
>    <web-resource-collection>
>       <web-resource-name>WebApp Home</web-resource-name>
>       <url-pattern>/*</url-pattern>
>       <http-method>DELETE</http-method>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>       <http-method>PUT</http-method>
>    </web-resource-collection>
>    <auth-constraint>
>       <role-name>appuser</role-name>
>    </auth-constraint>
>  </security-constraint>
> 
>  <login-config>
>    <auth-method>BASIC</auth-method>
>    <realm-name>WebApp Realm</realm-name>
>  </login-config>
> 
> 
> I have configured everything under the ROOT context to be 
> protected with
> BASIC authentication. When I request the defeault index.html 
> page under
> the /ROOT directory, the JDBCRealm RequestInterceptor 
> correctly handles my
> login. I then select a link from the index page
> to another html page also located under root which contains 
> an Applet. The
> applet loads and makes a URLConnection to
> a servlet which is under the /ROOT/WEB-INF/classes folder. At 
> this point
> the Interceptor requires another login. But I have already been
> authenticated
> in this REALM! Why the second login????
> 
> The first login window looks like a plain Browser Login 
> window. The second
> window is however a java login window; generated
> in the Applets JVM I suppose. Does the URLConnection require 
> explicit http
> header handling? (In the form of setRequestProperty() )
> 
> Raimee
> 
> 

Mime
View raw message