tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madere, Colin" <colin.mad...@ieminc.com>
Subject form-based login and login form locations
Date Tue, 28 Jan 2003 23:13:40 GMT
So I have a site that I want the entire thing secured via form-based login.
IOW, any content static or not should be secured.  I set up the config below
as it was the only thing I could make work.  However, if I hit the app
within the site, it doesn't ask for a login.  When I add the auth config
stuff to the web.xml for the app, it requires a form be in the app's
directory (so now I have 2 login forms and fail pages and if it includes a
header and footer those also have to be duplicated to every app that
requires login).

This is a mess.  How can I secure a whole site with a single form, static
and dynamic content alike?

I have a web.xml with auth info in "/www/public/WEB-INF" and a login.html in
"/www/public" which works.

I have the same auth setup in an app's dir
"/www/public/webapps/CalApp/WEB-INF" with the same login.html in
".../CalApp".

How do I do it all with one config and login/login_fail pages?

relevant content from server.xml:

      <!-- Site 1 (default) (Public) -->
      <Host name="192.168.16.208" debug="0" appBase="/www/public/webapps" 
       unpackWARs="true" autoDeploy="true">
       
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
                   debug="0"/>

          <DefaultContext>
            <!-- set up virtual host variable for multi-site apps -->
            <Parameter name="siteRole" value="public"/>
            <!-- set up web app DB connection info in each host for
flexibilty -->
            <Parameter name="DB_Driver" value="org.postgresql.Driver" />
            <Parameter name="DB_URL"
value="jdbc:postgresql://localhost/WebApps" />
            <Parameter name="DB_User" value="postgres" />
            <Parameter name="DB_Pass" value="postgres" />
          </DefaultContext>
          <!-- set up document context since app-base of host is abnormal
-->
          <Context path="" docBase="/www/public"/>
          
      </Host>

from web.xml:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>
    
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
    
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Secure Site</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.shtml</form-login-page>
            <form-error-page>/login_fail.shtml</form-error-page>
        </form-login-config>
    </login-config>
</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message