tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan McMinn" <nmcm...@charter.net>
Subject Repost: Double Login
Date Wed, 08 Jan 2003 14:07:08 GMT
Hi all,

Some of you had been kind enough to assist with this issue I posted
previously.  I had thought it was fixed, but it has appeared again.  Any
ideas?


I recently switched a web application from a memory realm to a JDBC realm
for authentication.  After making the switch, the web app now requires that
users log in twice.  The app is running with SSL, and using Basic
authentication.  The Login.jsp page listed in the XML below as the welcome
file simply sets up session objects, etc.  The first login occurs before the
Login.jsp page will load.  Once all of the session setup is complete, the
Login.jsp page forwards the user to the application's main menu.  It is at
this point that the system asks for another login.  Has anyone seen this
behavior before? I've already searched Google, JGuru, etc etc.  This is the
current web.xml for the application having the problem.  Any help would be
greatly appreciated.

Thanks..
Nathan McMinn

<web-app>

    <mime-mapping>
      <extension>js</extension>
      <mime-type>text/javascript</mime-type>
    </mime-mapping>

  <welcome-file-list>
    <welcome-file>Login.jsp</welcome-file>
  </welcome-file-list>

    <security-constraint>
      <display-name>WWEX Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>DELETED</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>user</role-name>
      </auth-constraint>
      <user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>DELETED</realm-name>
    </login-config>

</web-app>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message