tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sloan Seaman" <sl...@sgi.net>
Subject Re: Form based security
Date Thu, 13 Feb 2003 17:29:52 GMT
Back to the validation stuff.

Ok, it validates my user based on the user info in tomcat-users.xml but it
doesn't seem to be putting them in their roles.

When I use the request taglibs isUserInRole tag to check on things the role
is always empty.  Am I missing a step or do I manually have to put the use
in the role?

If so, How?

Thanks again!

--
Sloan

----- Original Message -----
From: "Barney Hamish" <Hamish.Barney@ect-telecoms.de>
To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
Sent: Thursday, February 13, 2003 10:54 AM
Subject: RE: Form based security


> No struts doesn't have a security model of its own but it does make it
> considerably easier to build your own if that's the path you want to go
down
>
> > -----Original Message-----
> > From: Sloan Seaman [mailto:sloan@sgi.net]
> > Sent: Thursday, February 13, 2003 4:52 PM
> > To: Tomcat Users List
> > Subject: Re: Form based security
> >
> >
> > Ok, I've got it now...
> >
> > Thanks for the information.
> >
> > Now my manager is saying he wasnted it all done in Struts and
> > that Struts
> > has a security model that I should be using.  Is he wrong?  I
> > though struts
> > was just tag libs and an MVC for hitting business logic.
> >
> > Time for me to learn struts now I guess...
> >
> > --
> > Sloan
> >
> > ----- Original Message -----
> > From: "Barney Hamish" <Hamish.Barney@ect-telecoms.de>
> > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, February 13, 2003 10:33 AM
> > Subject: RE: Form based security
> >
> >
> > > I think you've got the wrong idea about how the form-based
> > security works.
> > > It is counter-intuitive I agree but anyway...
> > >
> > > Firstly the login form should not be in the secure area.
> > > Define as the default page something in the secure area.
> > > When the user tries to go to this default page tomcat will
> > redirect them
> > to
> > > the login page.
> > > After they've logged in successfully Tomcat wil redirect
> > them to the page
> > > they originally asked for (i.e. the default page).
> > >
> > > You don't need a filter to do this. Tomcat does it
> > automatically for you.
> > >
> > > Hamish
> > >
> > > > -----Original Message-----
> > > > From: Sloan Seaman [mailto:sloan@sgi.net]
> > > > Sent: Thursday, February 13, 2003 4:32 PM
> > > > To: Tomcat Users List
> > > > Subject: Re: Form based security
> > > >
> > > >
> > > > Ok,  I figured most of the things out.
> > > >
> > > > My next question (along the same lines) is this:
> > > >
> > > > I have a link to the login.jsp which is now in a
> > > > security-constraint area.
> > > > When they use the login.jsp successfully it complains about:
> > > > Invalid direct reference to form login page
> > > >
> > > > How do I use the login page and define a page for a
> > successful login?
> > > >
> > > > Thanks!
> > > >
> > > > --
> > > > Sloan
> > > >
> > > > ----- Original Message -----
> > > > From: "Sloan Seaman" <sloan@sgi.net>
> > > > To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > > > Sent: Thursday, February 13, 2003 10:01 AM
> > > > Subject: Re: Form based security
> > > >
> > > >
> > > > > I have a filter set up so that if they don't go to the
> > index.jsp or
> > > > > login.jsp it will redirect them to the login.jsp.
> > > > > (is that the best way?)
> > > > >
> > > > > So basically they either go to the index.jsp or login.jsp
> > > > page. How do I
> > > > > list a page as secure?
> > > > >
> > > > > Do I have to wirte code for the j_security_check or is this
> > > > something
> > > > within
> > > > > tomcat?
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Barney Hamish" <Hamish.Barney@ect-telecoms.de>
> > > > > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > > > > Sent: Thursday, February 13, 2003 9:50 AM
> > > > > Subject: RE: Form based security
> > > > >
> > > > >
> > > > > > Are you going directly to the login page? If so then you
> > > > need to go to a
> > > > > > page in that's listed as being secure. You will then be
> > > > forwarded to the
> > > > > > login page. When you've logged in successfully then
> > you will be
> > > > forwarded
> > > > > to
> > > > > > the page you originally requested.
> > > > > > Hamish
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Sloan Seaman [mailto:sloan@sgi.net]
> > > > > > > Sent: Thursday, February 13, 2003 3:48 PM
> > > > > > > To: tomcat-user@jakarta.apache.org
> > > > > > > Subject: Form based security
> > > > > > >
> > > > > > >
> > > > > > > I'm attempting to do form based security and I keep
> > getting a
> > > > > > > 404 error when
> > > > > > > I click the submit button.
> > > > > > >
> > > > > > > I'm guessing I'm missing some type of configuration in
the
> > > > > > > server.xml.....
> > > > > > >
> > > > > > > The form I am using is:
> > > > > > > <form method="POST" action="j_security_check">
> > > > > > >   <input type="text" name="j_username"/>
> > > > > > >   <input type="password" name="j_password"/>
> > > > > > >   <input type="submit" value="Submit">
> > > > > > > </form>
> > > > > > >
> > > > > > >
> > > > > > > And I have the following in my web.xml
> > > > > > >  <login-config>
> > > > > > >      <auth-method>FORM</auth-method>
> > > > > > >   <form-login-config>
> > > > > > >    <form-login-page>/login.jsp</form-login-page>
> > > > > > >    <form-error-page>/login-error.jsp</form-error-page>
> > > > > > >   </form-login-config>
> > > > > > >  </login-config>
> > > > > > >
> > > > > > > Can anyone help me out here?
> > > > > > >
> > > > > > > --
> > > > > > > Sloan
> > > > > > >
> > > > > > >
> > > > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > > > tomcat-user-unsubscribe@jakarta.apache.org
> > > > > > > For additional commands, e-mail:
> > > > tomcat-user-help@jakarta.apache.org
> > > > > > >
> > > > > >
> > > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > > > > > For additional commands, e-mail:
> > > > tomcat-user-help@jakarta.apache.org
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > > > > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> > > >
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message