Return-Path: 
 <tomcat-user-return-69708-qmlist-jakarta-archive-tomcat-user=nagoya.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@apache.org
Received: (qmail 40984 invoked from network); 1 Jul 2003 17:09:29 -0000
Received: from exchange.sun.com (192.18.33.10)
  by daedalus.apache.org with SMTP; 1 Jul 2003 17:09:29 -0000
Received: (qmail 19739 invoked by uid 97); 1 Jul 2003 17:11:55 -0000
Delivered-To: qmlist-jakarta-archive-tomcat-user@nagoya.betaversion.org
Received: (qmail 19732 invoked from network); 1 Jul 2003 17:11:55 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12)
  by nagoya.betaversion.org with SMTP; 1 Jul 2003 17:11:55 -0000
Received: (qmail 31304 invoked by uid 500); 1 Jul 2003 17:07:07 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 31267 invoked from network); 1 Jul 2003 17:07:06 -0000
Received: from brmea-mail-3.sun.com (192.18.98.34)
  by daedalus.apache.org with SMTP; 1 Jul 2003 17:07:06 -0000
Received: from dub-mail1.Ireland.Sun.COM ([129.156.220.69])
	by brmea-mail-3.sun.com (8.12.9/8.12.9) with ESMTP id h61H791J011838
	for <tomcat-user@jakarta.apache.org>; Tue, 1 Jul 2003 11:07:09 -0600 (MDT)
Received: from sr-edub03-01 (sr-edub03-01 [129.156.220.75])
	by dub-mail1.Ireland.Sun.COM (8.11.7+Sun/8.10.2/ENSMAIL,v2.1p1) with SMTP id
 h61H78h14613
	for <tomcat-user@jakarta.apache.org>; Tue, 1 Jul 2003 18:07:08 +0100 (BST)
Message-Id: <200307011707.h61H78h14613@dub-mail1.Ireland.Sun.COM>
Date: Tue, 1 Jul 2003 18:06:42 +0100 (BST)
From: Maurice Coyle - Sun Microsystems Ireland <M.Coyle@Sun.COM>
Reply-To: Maurice Coyle - Sun Microsystems Ireland <M.Coyle@Sun.COM>
Subject: RE: FORM-based ldap authentication problem
To: tomcat-user@jakarta.apache.org
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: iOc2zjvVA2AMgW7dhwU8KQ==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.5.3_06 SunOS 5.9 sun4u sparc 
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

by all means.  there's 4 basic steps to this:

1. in server.xml paste the following (replace <YOUR-SERVER> with the url of the 
ldap server and you'll probably have to change the userBase bit too) to tell 
tomcat where to go to authenticate:

	<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionURL="ldap://<YOUR-SERVER>:389"
             userBase="ou=people,dc=sun,dc=com"
             userSearch="uid={0}"/>
             


2. in web.xml, right at the end paste the following (add <url-pattern> tags for 
whicever other types of files you want protected):

    <security-constraint>
       <web-resource-collection>
        <web-resource-name>tracker</web-resource-name>
        <url-pattern>*.jsp</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
         <!-- <role-name>std</role-name> -->
         <role-name>*</role-name>
       </auth-constraint>
    </security-constraint>

    <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>ldapRealm</realm-name>
          <form-login-config>
                  <form-login-page>/login.jsp</form-login-page>
                  <form-error-page>/login_error.jsp</form-error-page>
          </form-login-config>
    </login-config>
    
3. create login.jsp and login_error.jsp and put them in the web-app's document 
root

login.jsp must include the form with the j_* fields as in the skeleton form 
below:

<form action="j_security_check" method="POST">
   	LDAP Authentication<BR>
   	
   	<strong>Enter UserId</strong><br>
	<input type="text" name="j_username" size="22">
	
	<strong>Enter Password</strong><br>
	<input type="password" name="j_password" size="22">
	
	<input type="submit" name="Submit" value="Submit">
</form>

login_error.jsp can be as simple as:

<html>
<body>
The system was not able to log you in.<br>
<form>
    <input type="button" onclick="history.go(-1)" value="Retry"/>
</form>
</body>
</html>

4. when you've successfully logged in, to get the name of the user who's logged 
in, use String user = request.getRemoteUser();


hope this helps,
maurice


> Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
> List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
> List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
> List-Post: <mailto:tomcat-user@jakarta.apache.org>
> List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
> Delivered-To: mailing list tomcat-user@jakarta.apache.org
> X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
> content-class: urn:content-classes:message
> Subject: RE: FORM-based ldap authentication problem
> Date: Tue, 1 Jul 2003 12:52:46 -0400
> X-MS-Has-Attach: 
> X-MS-TNEF-Correlator: 
> Thread-Topic: FORM-based ldap authentication problem
> Thread-Index: AcM/8O7x+q8RZHTaQ5mM0xzRg5mCtAAACyJA
> From: "Pitre, Russell" <RPITRE@shawmut.com>
> To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>, "Maurice Coyle - Sun 
Microsystems Ireland" <M.Coyle@sun.com>
> X-OriginalArrivalTime: 01 Jul 2003 16:52:46.0869 (UTC) 
FILETIME=[32D05C50:01C33FF1]
> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
> Content-Transfer-Encoding: 8bit
> X-MIME-Autoconverted: from quoted-printable to 8bit by 
dub-mail1.Ireland.Sun.COM id h61GrEh10906
> 
> I've been trying to get form-based ldap authentication working....but no
> luck.....do you think
> i could see some sample code?
> 
> 
> 
> Russ
> 
> -----Original Message-----
> From: Maurice Coyle - Sun Microsystems Ireland [mailto:M.Coyle@Sun.COM] 
> Sent: Tuesday, July 01, 2003 12:50 PM
> To: tomcat-user@jakarta.apache.org
> Subject: FORM-based ldap authentication problem
> 
> 
> hi all,
> i've implemented form-based ldap authentication on my tomcat server.  it
> works 
> fine in general but from time to time when i enter my ldap username and 
> password, i get a blank page with j_security_check in the location
> field.  if i 
> reload the page, i get the login_error.jsp page and upon reloading the
> page one 
> further time, i am logged in successfully.
> 
> this is the exact sequence whenever there is a problem with the
> authentication, 
> i can reload the page 3 times and i get accepted.
> 
> does anyone have a clue what's the cause and if there's a solution?
> 
> appreciate any help,
> maurice
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org