tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Fincher" <...@tbird.com>
Subject Re: help, JDBCRealm, Why Need to authenticate three times to login
Date Tue, 07 May 2002 18:18:02 GMT
Hi Hillel,

This is a longshot but you aren't calling login.jsp directly are you?  It
should generate errors if you do, but it's just a thought.

Also, what are the implications of making your login page a jsp as opposed
to an html?  I haven't tried it, but can that cause a second call to the
authentication code?

Why use:

<form method="POST" action='<%=response.encodeURL("j_security_check") %>' >

instead of:

<form method="POST" action="j_security_check"> ?

Why do you want to pass the session value of the login session to your
webapp? The code you posted doesn't show anything but the standard username
and password in the login page.

Are you using single sign on?

If not, your setup may be starting several sessions and forcing you to log
into each one.

I had a problem like that if my index.jsp was a frameset.  Each frame in the
frameset was a different session.

I had to change index.jsp to a simple page that called the frameset page.

Rick

----- Original Message -----


> Dear Tomcat Users
>
> I've installed tomcat v4.03 with JDBCRealm
> When you login incorrectly you go to the error
> page however if you login correctly you need to
> login three times before you can get to the
> index.jsp.
>
> Thanks for any assistance
>
>
> my web.xml is:
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
>
> <!DOCTYPE web-app
>   PUBLIC "-//Sun Microsystems, Inc.//DTD Web
> Application 2.3//EN"
>
> "http://java.sun.com/j2ee/dtds/web-app_2_3.dtd">
>
> <web-app>
>
> <session-config>
> <session-timeout>2</session-timeout>
> </session-config>
>
>   <security-constraint>
>       <web-resource-collection>
>          <web-resource-name>
>             WebInterface
>          </web-resource-name>
>          <url-pattern>/login/*</url-pattern>
>          <http-method>GET</http-method>
>          <http-method>POST</http-method>
>       </web-resource-collection>
>       <auth-constraint>
>          <role-name>manager</role-name>
>          <role-name>customer</role-name>
>       </auth-constraint>
>    </security-constraint>
>        <form-login-config>
>        <login-config>
>       <auth-method>
>          FORM
>       </auth-method>
>
>       <form-login-config>
> <form-login-page>/login/login.jsp</form-login-page>
>
> <form-error-page>/login/error.jsp</form-error-page>
>       </form-login-config>
>    </login-config>
>
> server.xml:
>
>  <Realm
> className="org.apache.catalina.realm.JDBCRealm"
> debug="99"
>
> driverName="org.postgresql.Driver"
>
>
connectionURL="jdbc:postgresql://localhost/catalina?user=dbuser;password=dbp
as
> s"
>                 userTable="users"
> userNameCol="user_name" userCredCol="user_pass"
>              userRoleTable="user_roles"
> roleNameCol="role_name"/>
>
> <DefaultContext reloadable="true"/>
>           <Context path="/interface"
> docBase="bulkinterface" debug="0"
>         reloadable="true" crossContext="true">
>         <Logger
> className="org.apache.catalina.logger.FileLogger"
>
> prefix="localhost_interface." suffix=".txt"
>                 timestamp="true"/>
>          </Context>
>
> I've Switched off default Memory Realm
>
> The login.jsp I've used is from the examples:
>
> <html>
> <head>
> <title>Login Page for Examples</title>
> <body bgcolor="white">
> <form method="POST" action='<%=
> response.encodeURL("j_security_check") %>' >
>   <table border="0" cellspacing="5">
>     <tr>
>       <th align="right">Username:</th>
>       <td align="left"><input type="text"
> name="j_username"></td>
>     </tr>
>     <tr>
>       <th align="right">Password:</th>
>       <td align="left"><input type="password"
> name="j_password"></td>
>     </tr>
>     <tr>
>       <td align="right"><input type="submit"
> value="Log In"></td>
>       <td align="left"><input type="reset"></td>
>     </tr>
>   </table>
> </form>
> </body>
> </html>
>
> Best Regards
>
> Hillel Bilman
> Manager HZB Technologies
> mailto:hillel@mail.co.za
> cell:0832300002
> tel:(011)4436164



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message