tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From julie.f.mcc...@jpmorgan.com
Subject Re: jdbc realm + form authenication setup
Date Tue, 30 Apr 2002 10:26:17 GMT

Hello

Thanks for the below info, I read the servlet spec and it helped, but I
still can not get the form based authenication to work.  I have attached
the web.xml and tomcat-users.xml files, the welcome-file should be
restricted, it does bring up the login page but then it displays the failed
login page - is there still something wrong with this set up.

Thanks
Julie

web.xml
<welcome-file-list>
     <welcome-file>/assistant/restricted/test.htm</welcome-file>
</welcome-file-list>
<security-constraint>
     <web-resource-collection>
       <web-resource-name>Assistant</web-resource-name>
       <!-- Define the context-relative URL(s) to be protected -->
       <url-pattern>/restricted/*</url-pattern>
       <http-method>POST</http-method>
       <http-method>GET</http-method>
     </web-resource-collection>
     <auth-constraint>
       <!-- Anyone with one of the listed roles may access this area -->
       <role-name>manager</role-name>
     </auth-constraint>
  </security-constraint>
  <login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
       <form-login-page>/login.htm</form-login-page>
       <form-error-page>/loginFailed.htm</form-error-page>
     </form-login-config>
  </login-config>
  <security-role>
     <role-name>manager</role-name>
  </security-role>

tomcat-users.xml
<tomcat-users>
  <user name="operate" password="operatethis" roles="manager" />
</tomcat-users>







rnf@tbird.com on 04/29/2002 02:58:49 PM

Please respond to tomcat-user@jakarta.apache.org

To:    tomcat-user@jakarta.apache.org
cc:
Subject:    Re: jdbc realm + form authenication setup


Hi Julie,

In your web.xml file if you specify auth-method FORM you have to give it
two
form names like so:
    <auth-method>FORM</auth-method>
     <form-login-config>
        <form-login-page>/login.htm</form-login-page>
        <form-error-page>/loginFailed.htm</form-error-page>
     </form-login-config>

You only use realm-name if you are using the BASIC authentication scheme.

You have to provide the pages for form-login and form-error.  In the login
page you must have a form with action j_security_check, like so.

  <form name="login" method="post" action="j_security_check">

That form has to have a field called j_username and another called
j_password.

Does your Sybase driver info work without security?  Also you may not want
to digest your passwords until you get everything else working to eliminate
that as the source of the error.

To get details on setting up the web.xmlfile and server.xml files download
the Servlet 2.3 specification from java.sun.com.

It's fairly short and is in pdf format.

Hope this helps,

Rick


----- Original Message -----
From: <julie.f.mccabe@jpmorgan.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, April 29, 2002 11:48 AM
Subject: jdbc realm + form authenication setup


> Hello
>
> I have been unable to set up jdbc realm with form authenication method.
I
> have the jsp, the server.xml and web.xml files configured but it doesn't
> work - I am missing sometime but have not found a good resource to
explain
> exactly what this is.  Does anybody have an example/know of a good
> resource?   Using Tomcat 4.0 and Sybase.
>
> in server.xml
> <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> driverName="com.sybase.jdbc2.jdbc.SybDriver" digest="digest"
connectionURL
> ="jdbc:sybase:Tds:server:port/db?user=user&amp;password=user" userTable="
> userTable" userNameCol="nameTable" userCredCol="user_pswd" userRoleTable
="
> roles" roleNameCol="roleName"/>
>
> in web.xml
> security-constraint>
>   <web-resource-collection>
>      <web-resource-name>Configuration</web-resource-name>
>      <!-- Define the context-relative URL(s) to be protected -->
>      <url-pattern>/assistant</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>      <!-- Anyone with one of the listed roles may access this area -->
>      <role-name>operate</role-name>
>   </auth-constraint>
> </security-constraint>
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>EBasic Authentication Area</realm-name>
> </login-config>
>
> Thanks
> Julie
>
>
> This communication is for informational purposes only.  It is not
intended
as
> an offer or solicitation for the purchase or sale of any financial
instrument
> or as an official confirmation of any transaction. All market prices,
data
> and other information are not warranted as to completeness or accuracy
and
> are subject to change without notice. Any comments or statements made
herein
> do not necessarily reflect those of J.P. Morgan Chase & Co., its
> subsidiaries and affiliates.
>
>
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
>
>


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>








This communication is for informational purposes only.  It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan Chase & Co., its
subsidiaries and affiliates.


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message