tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <Craig.McClana...@eng.sun.com>
Subject Re: Setting up server.xml
Date Wed, 14 Feb 2001 00:49:09 GMT
janis wrote:

> "Ignacio J. Ortega" wrote:
>
> >
> >
> > You need to read those ugly specs ( in
> > http://java.sun.com/products/servlets ) to get your webapp security to
> > work, JDBCRealm has nothing to do with web.xml, it's only a way to store
> > usernames & passwords for a webapp, you need to configure your web.xml
> > to see it in action... Please send your web.xml if you want some help
> > with it ....
> >
> > Please check ( and understand ) the url
> > http://localhost:8080/examples/jps/security to look at working example,
> > look at the web.xml file of the examples webapp to look at a working
> > config...
>
> Thank you for recommendations! I'll read them.
>
> When I make a request to the url mentioned above I get an authenication
> form.
> When I provide the username tomcat and password tomcat (role tomcat is
> defined in tomcat-users.xml) I get an login error.
>

If you have declared that you are using the JDBCRealm instead of the default
one, the tomcat-users.xml file is no longer consulted.  Be sure that you have
added users into the database table configured in your <Realm> entry in order
to be able to log on to the protected page in the examples application.

>
> I have seen a some messages on this list there people have discussed this
> issue.
> They were talking about a context attribute setting to trusted=true in the
> connection
> with the manager webapp included in Tomcat 4.0 - b1 distribution.
>

The "trusted" attribute only exists on Tomcat 3.2 -- not on 4.0.  In order to
use the manager application of Tomcat 4.0, all you need is a defined user
(again, in your database table if you're using a JDBCRealm) with a role of
"manager".

>
> But where to specify the Context if Tomcat is not used in standalone mode.
>

There are likely to be bugs in trying to use container-managed security
through mod_webapp.  Could you post the relevant portion of your server.xml
file?

Craig


>
> I tried to put a <Context> tag between <Engine> tags, but it resulted in
> error
> messages for WarpContext.
>
> The web.xml file I used is here:
> ?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
>     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
>     "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
>
> <web-app>
>
>   <taglib>
>     <taglib-uri>
>       XSLTAGS
>     </taglib-uri>
>     <taglib-location>
>       /WEB-INF/xsl.tld
>     </taglib-location>
>   </taglib>
>
>   <security-constraint>
>     <display-name>Wap Security Constraint</display-name>
>     <web-resource-collection>
>       <web-resource-name>Protected Area</web-resource-name>
>       <url-pattern>/test/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>tomcat</role-name>
>       <role-name>role1</role-name>
>     </auth-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>Wap Form-based Authentication Area</realm-name>
>     <form-login-config>
>       <form-login-page>/test/login/login.jsp</form-login-page>
>       <form-error-page>/test/login/error.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>
> </web-app>
>
> >
> >
> > Saludos ,
> > Ignacio J. Ortega
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org


Mime
View raw message