tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rosaria Silipo" <rosariasil...@yahoo.com>
Subject RE: problems with web.xml and security
Date Wed, 18 Jun 2003 17:23:20 GMT

Thanks! 
The SingleSignOn valve works like a charm!

-----Original Message-----
From: news [mailto:news@main.gmane.org] On Behalf Of Bill Barker
Sent: Wednesday, June 18, 2003 1:02 AM
To: tomcat-user@jakarta.apache.org
Subject: Re: problems with web.xml and security

Now we are getting somewhere ;-).

If you have a context with a path="/secure", then you need to set the
<security-constraint> (including <login-config>) in that web.xml as you
have
except that you only need to have the <url-pattern>/*</url-pattern>
(since
the url-pattern is relative to the context-path).

Note that unless you enable the SingleSignOn Valve, your logins to '/'
and
to '/secure' won't transfer from one to the other.  You'll have to login
to
each one seperately.

"Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
news:000001c33566$3ed4dde0$930017ac@SuperTopina...
>
>
> Jwsdp.log.<date>.txt does not report any error.
> I do not have catalina.out.
> Maybe I am using the wrong version of Tomcat?
>
> I think my problem is that /secure has its own web.xml that overrides
> the web.xml in /. How can I avoid that?
>
> -- Rosaria
>
> -----Original Message-----
> From: news [mailto:news@main.gmane.org] On Behalf Of Bill Barker
> Sent: Tuesday, June 17, 2003 11:46 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Re: problems with web.xml and security
>
> <servlet-mapping> and <mime-mapping> are optional elements.  If you
> don't
> need them, then they don't have to be there.
>
> If you remove the <session-config>, then the rest of what is posted of
> your
> web.xml is valid (even if the /secure/* is implied by the /*, but that
> shouldn't matter).  I'm still going to guess that there are errors in
> your
> log files (esp. catalina.out) that will tell you more about the
problem.
>
> If I'm wrong, then it sounds like it should be easy enough for you to
> strip
> down your app to something generic (e.g. I don't need to know anything
> about
> your proprietary  Beans), and wrap it up in a war file ("jar cf
bug.war
> bugapp"), and attach it to a bug report at
> http://nagoya.apache.org/bugzilla.
>
> "Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
> news:004801c33556$d1534220$930017ac@SuperTopina...
> >
> > I am a bit confused.
> > I do not have any <servlet-mapping> or <mime-mapping> (do I need
> them?)
> > and I followed the order as it is in the tutorial.
> > Even removing <session-config>, /secure/* is not authenticated and
/*
> > is.
> >
> > -- Rosaria
> >
> >
> > -----Original Message-----
> > From: news [mailto:news@main.gmane.org] On Behalf Of Bill Barker
> > Sent: Tuesday, June 17, 2003 8:16 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Re: problems with web.xml and security
> >
> > If you check your log files, you should see that it doesn't like
your
> > web.xml file because <session-config> comes after <servlet-mapping>
> and
> > before <mime-mapping> (which both come before
<security-constraint>).
> > Tomcat 4.x is picky about enforcing the order of elements in your
> > web.xml
> > file (TC 3.3 is as well, at least by default).  The result is that
> > Tomcat
> > stopped reading your file as soon as it got to the <session-config>
> > line.
> >
> > "Rosaria Silipo" <rosariasilipo@yahoo.com> wrote in message
> > news:001301c334f0$0400c2e0$930017ac@SuperTopina...
> > >
> > > Hi,
> > >
> > > I am trying to set up Tomcat as a secure web engine.
> > > From the tutorial I understood that you should insert the
following
> > > lines in web.xml and the password protection should work.
> > >
> > > This works perfectly for files in the root directory (/*), it does
> not
> > > work for files in subdirectories, like /secure/*.
> > >
> > > Have you have ever seen this problem before?
> > >
> > > Thanks for any help
> > >
> > > -- Rosaria
> > >
> > > <!DOCTYPE web-app
> > >     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application
2.3//EN"
> > >     "http://java.sun.com/dtd/web-app_2_3.dtd">
> > >
> > > <web-app>
> > > ...
> > >
> > > <!-- SECURITY CONSTRAINT -->
> > > <security-constraint>
> > >   <web-resource-collection>
> > >      <web-resource-name>Secure Pages</web-resource-name>
> > >      <description>Security constraint on all files</description>
> > >      <url-pattern>/*</url-pattern>
> > >      <url-pattern>/secure/*</url-pattern>
> > >      <http-method>POST</http-method>
> > >      <http-method>GET</http-method>
> > >   </web-resource-collection>
> > >
> > >   <auth-constraint>
> > >     <description>admin can login</description>
> > >      <role-name>admin</role-name>
> > >   </auth-constraint>
> > >
> > >    <user-data-constraint>
> > >      <description>SSL not required</description>
> > >      <transport-guarantee>NONE</transport-guarantee>
> > >    </user-data-constraint>
> > > </security-constraint>
> > >
> > > <session-config>
> > >    <session-timeout>30</session-timeout>
> > > </session-config>
> > >
> > > <!-- LOGIN AUTHENTICATION -->
> > >
> > > <login-config>
> > >   <auth-method>FORM</auth-method>
> > >   <realm-name>default</realm-name>
> > >   <form-login-config>
> > >     <form-login-page>/LoginForm.html</form-login-page>
> > >     <form-error-page>/LoginError.html</form-error-page>
> > >   </form-login-config>
> > >
> > > </login-config>
> > >
> > > <!-- SECURITY ROLES -->
> > >
> > > <security-role>
> > >    <description>The most secure role</description>
> > >    <role-name>admin</role-name>
> > > </security-role>
> > >
> > > </web-app>
> > >
> > >
> > > -- Rosaria
> >
> >
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message