tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Basham <Bryan.Bas...@central.sun.com>
Subject Problem with user authentication w/ Tomcat v4.0 m4
Date Fri, 08 Dec 2000 22:55:37 GMT
Hello,

    [I attempted to look this topic up on the alias archive, but
     after reading a few unrelated posts (search on "authentication"
     AND "document contains no data") and then various server not
     available attempts I gave up and decided to write to the group.]

I am trying to test user authentication with Tomcat v4.0 m4.
I have a *very* simple configuration:

 * an index page that links to a view-common page and a view-restricted page
 
 * the web.xml security constraint on the view-restricted page are set up as:

    <!-- Restricted Resources -->
    <security-constraint>
	<web-resource-collection>
	    <web-resource-name>RestrictedResources</web-resource-name>
	    <url-pattern>/view-restricted.html</url-pattern>
	    <http-method>GET</http-method>
	</web-resource-collection>
	<auth-constraint>
	    <role-name>admin</role-name>
	</auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

    <security-role>
        <description>A simple restricted-access user role.</description>
	<role-name>admin</role-name>
    </security-role>

 * the server.xml configuration file is using the MemoryRealm
 
 * the tomcat-users.xml config. file has three users:
<tomcat-users>
  <user name="tomcat" password="tacmot" roles="tomcat" />
  <user name="user1"  password="1resu"  roles="admin"  />
  <user name="user2"  password="2resu"  roles="tomcat,admin" />
</tomcat-users>

So, I would expect that when I attempt to access the view-restricted.html
page that I get BASIC HTTP user auth. dialog box in my browser (Netscape
v4.75) and I do.  That's not the weird thing.  Everything works as expected
when I enter a user that has 'admin' role (e.g. 'user1'), *but* I am getting
the following Netscape error when I enter any other user (e.g. 'tomcat'):

   The document contains no data.
   Try again later, or contact the server's administrator.

This is not what I was expecting.  Is this the correct behavior?  This is
a problem because it (the browser) will not allow me to attempt to link
to that page again and re-authenticate.  Note: if I miss type a given
user's password, then the browser correctly asks me to retry; it is only
when I give the correct password for a registered user but not in the
corrrect role for the restricted page that I get the above problem.

BTW, I have attached a WAR file distribution of this WebApp.

Thanks,
Bryan


+---------------------------------------+--------------------------------------+
| Bryan Basham                          | "You are not an isolated entity, but
| Java Courseware Developer             |  a unique, irreplaceable part of the
| Sun Educational Services              |  cosmos.  Don't forget this.  You are
|   Phone: 1-303-272-8766  (x78766)     |  an essential piece of the puzzle of
|  E-mail: Bryan.Basham@Sun.COM         |  humanity."
| Address: 500 Eldorado Blvd            |
|          MailStop: UBRM05-135         |  -- The Art of Living, Epictetus
|          Broomfield, CO 80021         |     (trans. Sharon Lebell)
+---------------------------------------+--------------------------------------+

Mime
View raw message