tomcat-users mailing list archives

From Nacho <na...@siapi.es>
Subject RE: JDBCRealm authenticating twice with applet
Date Sat, 21 Oct 2000 13:44:04 GMT
I'm thinking about the way Tomcat recognizes requests as part of a session,
not about the way authentication is done. I don't think Tomcat recognizes 2
requests as part of the same session if it does not get the SessionId from
the incoming request in some way. Either you need to store the credentials
in the applet in some way and add them to every request made from the servlet,
or you need to send the SessionID to get Tomcat to recognize that these 2
requests are the same.

Regards,
Ignacio J. Ortega


> -----Original Message-----
> From: Raimee [mailto:raimee@sympatico.ca]
> Sent: Saturday, October 21, 2000 4:28
> To: tomcat-user@jakarta.apache.org
> Subject: Re: JDBCRealm authenticating twice with applet
> 
> 
> I do not believe cookies are involved here at all.
> 
> Here is the relevant code from the AccessInterceptor used to authenticate.
> There is no use of cookies. Uses traditional www-authenticate http headers
> to prompt the browser for the login.
> 
>  res.setStatus( 401 );
>  res.setHeader( "WWW-Authenticate",
>          "Basic realm=\"" + realm + "\"");
> 
> 
> Nacho wrote:
> 
> > If you do not pass the Session cookie received by the authenticated
> > request to the applet and use it as a header on its connection, Tomcat
> > cannot associate the second connection (from the applet) with the first
> > (from the browser), so it considers the second connection a different
> > connection and does not consider it authorized by the first request.
> > Only a thought.
> >
> > Regards,
> > Ignacio J. Ortega
> >
> > > -----Original Message-----
> > > From: raimee@ca.ibm.com [mailto:raimee@ca.ibm.com]
> > > Sent: Friday, October 20, 2000 23:20
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: JDBCRealm authenticating twice with applet
> > >
> > >
> > >
> > > Win NT platform
> > > JDK1.2
> > > Tomcat 3.2b6
> > > DB2 EE v7.1
> > >
> > > server.xml:
> > >      <RequestInterceptor
> > >          className="org.apache.tomcat.request.JDBCRealm"
> > >          debug="99"
> > >          driverName="COM.ibm.db2.jdbc.app.DB2Driver"
> > >          connectionURL="jdbc:db2:authDb"
> > >          userTable="users"
> > >          userNameCol="user_name"
> > >          userCredCol="user_pass"
> > >          userRoleTable="user_roles"
> > >          roleNameCol="role_name"
> > >          connectionName="userid"
> > >          connectionPassword="password"/>
> > >
> > >
> > > web.xml:
> > >  <security-constraint>
> > >    <web-resource-collection>
> > >       <web-resource-name>WebApp Home</web-resource-name>
> > >       <url-pattern>/*</url-pattern>
> > >       <http-method>DELETE</http-method>
> > >       <http-method>GET</http-method>
> > >       <http-method>POST</http-method>
> > >       <http-method>PUT</http-method>
> > >    </web-resource-collection>
> > >    <auth-constraint>
> > >       <role-name>appuser</role-name>
> > >    </auth-constraint>
> > >  </security-constraint>
> > >
> > >  <login-config>
> > >    <auth-method>BASIC</auth-method>
> > >    <realm-name>WebApp Realm</realm-name>
> > >  </login-config>
> > >
> > >
> > > I have configured everything under the ROOT context to be protected with
> > > BASIC authentication. When I request the default index.html page under
> > > the /ROOT directory, the JDBCRealm RequestInterceptor correctly handles my
> > > login. I then select a link from the index page to another html page also
> > > located under root which contains an Applet. The applet loads and makes a
> > > URLConnection to a servlet which is under the /ROOT/WEB-INF/classes folder.
> > > At this point the Interceptor requires another login. But I have already
> > > been authenticated in this REALM! Why the second login????
> > >
> > > The first login window looks like a plain Browser Login window. The second
> > > window is however a java login window; generated in the Applet's JVM I
> > > suppose. Does the URLConnection require explicit http header handling?
> > > (In the form of setRequestProperty() )
> > >
> > > Raimee
> > >
> > >
> 
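
The two options raised in this thread for the applet's URLConnection (sending the session id, or sending the credentials on every request) both go through the setRequestProperty() call asked about in the original question. The following Java is an added example, not code from any poster or from Tomcat; the class name, host, servlet path, session id and credentials are constructed placeholders, and JSESSIONID is assumed as the cookie name because the Servlet specification defines it.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class AppletServletClient {

    // Option 1: re-present the session the browser already holds.
    static String sessionCookie(String sessionId) {
        // Reject anything that could smuggle CR/LF or extra cookie attributes.
        if (sessionId == null || !sessionId.matches("[A-Za-z0-9._-]+")) {
            throw new IllegalArgumentException("unexpected session id format");
        }
        return "JSESSIONID=" + sessionId;
    }

    // Option 2: send the BASIC credentials on every request.
    // Base64 is an encoding, not encryption: the password is recoverable.
    static String basicAuthorization(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Prepares the connection; no network I/O happens until it is read.
    static HttpURLConnection open(URL servlet, String sessionId,
                                  String user, String password) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) servlet.openConnection();
        if (sessionId != null) {
            conn.setRequestProperty("Cookie", sessionCookie(sessionId));
        }
        if (user != null) {
            // Credentials in an Authorization header need TLS underneath.
            if (!"https".equals(servlet.getProtocol())) {
                throw new IOException("refusing to send BASIC credentials without TLS");
            }
            conn.setRequestProperty("Authorization", basicAuthorization(user, password));
        }
        return conn;
    }

    public static void main(String[] args) throws IOException {
        // Constructed values: host, servlet path, session id, user and password.
        URL servlet = URI.create("https://tomcat.example.invalid/servlet/Report").toURL();
        HttpURLConnection c = open(servlet, "a1b2c3d4e5", "demo-user", "not-a-real-password");
        System.out.println(c.getURL() + " prepared; Cookie: " + sessionCookie("a1b2c3d4e5"));
    }
}
```

A session id handed to an applet is as sensitive as the password for the lifetime of the session, so it should not be written to the Java console or to logs.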
