tomcat-users mailing list archives

From Joakim Verona <joa...@verona.se>
Subject Re: container managed authentication - how?
Date Tue, 05 Dec 2000 12:24:17 GMT
hello,

I use exactly this quite a lot, and it works well. 

try the example security contexts, so you can see how it works.
the interceptor in the server.xml you need to activate is clearly commented
in the file. tomcat needs to be responsible for security, so the easiest
way to test it is to go through port 8080.

the tomcat-users file is also clearly commented.

when you design your login forms, they should be placed somewhere unprotected,
this was a quirk that stymied me for a while.


look for these lines in server.xml:
(i have increased the debug level to see what happens)


        <!-- Check if the request requires an authenticated role.
          -->
        <RequestInterceptor 
            className="officeweb.messages.AccessInterceptor" 
            debug="9" />

        <!-- Check permissions using the simple xml file. You can 
             plug more advanced authentication modules.
          -->
        <RequestInterceptor 
            className="org.apache.tomcat.request.SimpleRealm" 
            debug="1" />


Christian Sell wrote:
> 
> can you (or anyone) tell me WHAT I need to activate to enable J2EE standard
> (form-based) authentication, simply using the tomcat-users.xml file? Is
> there any place I can read up on this? Does this even work?
> 
> thanks,
> Christian
> 
> ----- Original Message -----
> From: "Joakim Verona" <joakim@verona.se>
> To: <tomcat-user@jakarta.apache.org>
> Sent: Tuesday, December 05, 2000 11:08 AM
> Subject: Re: container managed authentication - how?
> 
> > hello,
> >
> > try reading the server.xml file. you must activate an interceptor.
> > you can choose from several.
> >
> > Christian Sell wrote:
> > >
> > > hello,
> > >
> > > I just installed Tomcat 3.2 and deployed my web application, which is
> > > running successfully under Orion and JRun, using form-based authentication.
> > > However, Tomcat completely ignores the security-constraint settings. How can
> > > I get Tomcat to enforce this? Does Tomcat support container-managed
> > > security?
> > >
> > > thanks in advance..
> > > Christian
> > >
> > > BTW, here's my web.xml, in case somebody wants to take a look:
> > >
> > > <?xml version="1.0" encoding="ISO-8859-1"?>
> > >
> > > <!DOCTYPE web-app
> > >   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
> > >   "http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
> > >
> > > <web-app>
> > >  <servlet>
> > >   <servlet-name>wcfsystem</servlet-name>
> > >   <display-name>wcfsystem</display-name>
> > >   <servlet-class>com.itsit.wcf.adaptor.WCFSystem</servlet-class>
> > >   <init-param>
> > >    <param-name>wcf.properties</param-name>
> > >    <param-value>/wcf.properties</param-value>
> > >   </init-param>
> > >   <load-on-startup>1</load-on-startup>
> > >  </servlet>
> > >    <session-config>
> > >       <session-timeout>10</session-timeout>
> > >    </session-config>
> > >    <welcome-file-list>
> > >       <welcome-file>index.html</welcome-file>
> > >       <welcome-file>index.jsp</welcome-file>
> > >    </welcome-file-list>
> > >  <security-constraint>
> > >   <web-resource-collection>
> > >    <web-resource-name>WCF Administration</web-resource-name>
> > >    <description>WebComponents Administration</description>
> > >    <url-pattern>*/WCFAdmin.jsp</url-pattern>
> > >    <url-pattern>*/wcfsystem</url-pattern>
> > >   </web-resource-collection>
> > >   <auth-constraint>
> > >    <description>Administrators only</description>
> > >    <role-name>admins</role-name>
> > >   </auth-constraint>
> > >  </security-constraint>
> > >  <login-config>
> > >   <auth-method>FORM</auth-method>
> > >       <form-login-config>
> > >          <form-login-page>/content/login.html</form-login-page>
> > >          <form-error-page>/content/loginerr.html</form-error-page>
> > >       </form-login-config>
> > >  </login-config>
> > >  <security-role>
> > >   <description>WCF Users</description>
> > >   <role-name>users</role-name>
> > >  </security-role>
> > >  <security-role>
> > >   <description>WCF Administrators</description>
> > >   <role-name>admins</role-name>
> > >  </security-role>
> > > </web-app>
> >
> > --
> > Joakim Verona
> > joakim@verona.se
> > http://www.verona.se/

-- 
Joakim Verona
joakim@verona.se
http://www.verona.se/
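
Added example (not part of the original message and not Tomcat code): a small Python check for the point made above that FORM login pages must sit outside the protected area. It reads an un-namespaced web.xml and reports login/error pages covered by a url-pattern of a constraint that has an auth-constraint; the sample web.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not the one posted in this thread): the login
# page lives under /admin/, which the security-constraint also protects.
SAMPLE_WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/admin/*</url-pattern>
   <url-pattern>*.secure</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>admins</role-name></auth-constraint>
 </security-constraint>
 <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
   <form-login-page>/admin/login.html</form-login-page>
   <form-error-page>/content/loginerr.html</form-error-page>
  </form-login-config>
 </login-config>
</web-app>"""

def pattern_matches(pattern, path):
    """Servlet url-pattern rules: '/x/*' is a path prefix, '*.ext' an
    extension match, anything else an exact match."""
    if pattern == "/":  # assumption: treated as covering every path (conservative)
        return True
    if pattern.startswith("/") and pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        last = path.rsplit("/", 1)[-1]
        return "." in last and last.rsplit(".", 1)[1] == pattern[2:]
    return pattern == path

def protected_login_pages(web_xml_text):
    """Return {page: [patterns covering it]} for the FORM login/error pages."""
    root = ET.fromstring(web_xml_text)
    # Only constraints that actually demand a role can block the login page.
    patterns = [u.text.strip()
                for sc in root.findall("security-constraint")
                if sc.find("auth-constraint") is not None
                for u in sc.findall("web-resource-collection/url-pattern") if u.text]
    findings = {}
    for tag in ("form-login-page", "form-error-page"):
        node = root.find("login-config/form-login-config/" + tag)
        if node is not None and node.text:
            page = node.text.strip()
            hits = [p for p in patterns if pattern_matches(p, page)]
            if hits:
                findings[page] = hits
    return findings
```

An empty result means neither page is covered by a role-protected pattern; HTTP-method restrictions inside a constraint are not considered.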
