tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Madere, Colin" <>
Subject form-based login and login form locations
Date Tue, 28 Jan 2003 23:13:40 GMT
So I have a site that I want the entire thing secured via form-based login.
IOW, any content static or not should be secured.  I set up the config below
as it was the only thing I could make work.  However, if I hit the app
within the site, it doesn't ask for a login.  When I add the auth config
stuff to the web.xml for the app, it requires a form be in the app's
directory (so now I have 2 login forms and fail pages and if it includes a
header and footer those also have to be duplicated to every app that
requires login).

This is a mess.  How can I secure a whole site with a single form, static
and dynamic content alike?

I have a web.xml with auth info in "/www/public/WEB-INF" and a login.html in
"/www/public" which works.

I have the same auth setup in an app's dir
"/www/public/webapps/CalApp/WEB-INF" with the same login.html in

How do I do it all with one config and login/login_fail pages?

relevant content from server.xml:

      <!-- Site 1 (default) (Public) -->
      <Host name="" debug="0" appBase="/www/public/webapps" 
       unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"

            <!-- set up virtual host variable for multi-site apps -->
            <Parameter name="siteRole" value="public"/>
            <!-- set up web app DB connection info in each host for
flexibilty -->
            <Parameter name="DB_Driver" value="org.postgresql.Driver" />
            <Parameter name="DB_URL"
value="jdbc:postgresql://localhost/WebApps" />
            <Parameter name="DB_User" value="postgres" />
            <Parameter name="DB_Pass" value="postgres" />
          <!-- set up document context since app-base of host is abnormal
          <Context path="" docBase="/www/public"/>

from web.xml:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"

            <web-resource-name>Secure Site</web-resource-name>

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message