tomcat-users mailing list archives

From "Fabio Bazzani" <siemfa...@grisnet.it>
Subject Re: problem in FORM authentication
Date Thu, 11 Sep 2003 20:06:37 GMT
These are my steps:

1) I just call index.jsp
2) click on my link (/prenotazione/index.jsp)
3) Tomcat gives me logIn.jsp
4) I correctly authenticate (I saw it in catalina_log.yyyy-mm-dd.txt)
5) The request sent by the client was syntactically incorrect (Invalid direct
   reference to form login page).


-----------------------------------------------------------------------
....
webapps/index.jsp  <-- where I call /prenotazione/index.jsp
webapps/prenotazione/index.jsp
webapps/logIn/logIn.jsp
webapps/logIn/logIn-error.jsp
....
--------------------------------------------------------------------------
 From server.xml :

....
....
<Host name="localhost" debug="0" appBase="webapps"
       unpackWARs="true" autoDeploy="true">

        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
                   debug="0"/>
        -->

       <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve"
                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
                 pattern="common" resolveHosts="false"/>
        -->

        <Logger className="org.apache.catalina.logger.FileLogger"
                 directory="logs"  prefix="localhost_log." suffix=".txt"
            timestamp="true"/>


        <!-- Tomcat Root Context -->
        <!--
          <Context path="" docBase="ROOT" debug="0"/>
        -->

  <!-- context added for Web CUP project -->

  <Context path="/webcup"
     docBase="C:\Projects\WEBCUP\WebCup-app\webapps"
           debug="0"
           reloadable="true"
           crossContext="true">

    <Logger className="org.apache.catalina.logger.FileLogger"
            prefix="localhost_webcup_log."
            suffix=".txt"
            timestamp="true"/>

    <Resource name="jdbc/webcup"
              auth="Container"
              type="javax.sql.DataSource"/>

    <ResourceParams name="jdbc/webcup">
      <parameter>
        <name>factory</name>
        <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
      </parameter>

      <!-- Maximum number of dB connections in pool. Make sure you
           configure your mysqld max_connections large enough to handle
           all of your db connections. Set to 0 for no limit.
           -->
      <parameter>
        <name>maxActive</name>
        <value>100</value>
      </parameter>

      <!-- Maximum number of idle dB connections to retain in pool.
           Set to 0 for no limit.
           -->
      <parameter>
        <name>maxIdle</name>
        <value>30</value>
      </parameter>

      <!-- Maximum time to wait for a dB connection to become available
           in ms, in this example 10 seconds. An Exception is thrown if
           this timeout is exceeded.  Set to -1 to wait indefinitely.
           -->
      <parameter>
        <name>maxWait</name>
        <value>10000</value>
      </parameter>

      <!-- MySQL dB username and password for dB connections  -->
      <parameter>
       <name>username</name>
       <value>admin</value>
      </parameter>
      <parameter>
       <name>password</name>
       <value>mysql</value>
      </parameter>

      <!-- Class name for mm.mysql JDBC driver -->
      <parameter>
         <name>driverClassName</name>
         <value>org.gjt.mm.mysql.Driver</value>
      </parameter>

      <!-- The JDBC connection url for connecting to your MySQL dB.
           The autoReconnect=true argument to the url makes sure that the
           mm.mysql JDBC Driver will automatically reconnect if mysqld
           closed the connection.  mysqld by default closes idle
           connections after 8 hours.
           -->
      <parameter>
        <name>url</name>
        <value>jdbc:mysql://localhost:3306/webcup?autoReconnect=true</value>
      </parameter>
    </ResourceParams>
  </Context>
</Host>

--------------------------------------------------------------------------
from web.xml :


    ......
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Web CUP: pagina di prenotazione e registrazione</web-resource-name>
            <url-pattern>/prenotazione/*</url-pattern>
            <url-pattern>/disponibilita/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
           <role-name>patient</role-name>
           <role-name>doctor</role-name>
     </auth-constraint>
  </security-constraint>

  <security-constraint>
        <web-resource-collection>
            <web-resource-name>Web CUP: pagina di accettazione visita da parte dei dottori</web-resource-name>
            <url-pattern>/dottori/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>doctor</role-name>
        </auth-constraint>
  </security-constraint>

  <!-- Security constraints END -->

  <login-config>
       <auth-method>FORM</auth-method>
           <form-login-config>
                <form-login-page>/logIn/logIn.jsp</form-login-page>
                <form-error-page>/logIn/logIn-error.jsp</form-error-page>
           </form-login-config>
  </login-config>

  <security-role>
       <description>doctor role</description>
       <role-name>doctor</role-name>
  </security-role>

  <security-role>
       <description>patient role</description>
       <role-name>patient</role-name>
  </security-role>

.....

--------------------------------------------------------------------------





----- Original Message -----
From: "Madere, Colin" <colin.madere@ieminc.com>
To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
Sent: Thursday, September 11, 2003 9:36 PM
Subject: RE: problem in FORM authentication


> If searching the archives of this list doesn't help, try posting a trimmed
> down version of your server.xml (probably just the <host> or even just your
> relevant <Context> tag if you have one) and your auth setup from your
> web.xml and the structure of your web-app (in case it is non-standard which
> may cause problems).


> But you are saying after you get this error page you are authenticated and
> can access the protected area?

YES


>
> -----Original Message-----
> From: Fabio Bazzani [mailto:siemfabio@grisnet.it]
> Sent: Thursday, September 11, 2003 3:17 PM
> To: Tomcat Users List
> Subject: problem in FORM authentication
>
>
> I'm using tomcat 4.1.27.
>
> I authenticate with FORM login and I get 400 error:
>
> The request sent by the client was syntactically incorrect (Invalid direct
> reference to form login page).
>
> when I try to get a page with security constraints Tomcat shows me the login
> page (action = "j_security_check" , etc....). I authenticate but Tomcat gives
> me 400 error code.
>
> where to find the error ?
>
> From %CATALINA_HOME%\logs\catalina_log.yyyy-mm-dd.txt  user results to be
> authenticated correctly but it doesn't show me the page I requested.
>
> what about j_security_check ??
>
> Please, help me.
>
> FB.
>
>
>
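
A reviewer's check of the security section of the web.xml quoted in this message, as an added example that is not part of the original post or of Tomcat. It reports, per `<security-constraint>`, which standard HTTP methods fall outside it (a constraint that lists `<http-method>` elements applies only to those methods), any role it names that has no `<security-role>` declaration, and the transport guarantee it requests; the `audit` function, the report keys and the shortened `WEB_XML` sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the security section from the post's web.xml, wrapped in a
# <web-app> root so it parses stand-alone; resource names and descriptions omitted.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/prenotazione/*</url-pattern>
      <url-pattern>/disponibilita/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>patient</role-name><role-name>doctor</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/dottori/*</url-pattern>
      <http-method>DELETE</http-method><http-method>GET</http-method>
      <http-method>POST</http-method><http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>doctor</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>doctor</role-name></security-role>
  <security-role><role-name>patient</role-name></security-role>
</web-app>"""

STANDARD_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"}

def audit(xml_text):
    """Return one dict per <security-constraint> describing what it leaves open."""
    root = ET.fromstring(xml_text)
    declared = {r.findtext("role-name").strip() for r in root.iter("security-role")}
    report = []
    for sc in root.iter("security-constraint"):
        listed = {m.text.strip().upper() for m in sc.iter("http-method")}
        roles = {r.text.strip() for r in sc.findall("auth-constraint/role-name")}
        tls = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        report.append({
            "patterns": [p.text.strip() for p in sc.iter("url-pattern")],
            # A constraint that lists methods applies to those methods only.
            "unconstrained_methods": sorted(STANDARD_METHODS - listed) if listed else [],
            "undeclared_roles": sorted(roles - declared),
            # No <user-data-constraint> means no transport guarantee is requested.
            "transport_guarantee": tls or "NONE",
        })
    return report

if __name__ == "__main__":
    for entry in audit(WEB_XML):
        print(entry)
```

For the configuration in the post this reports HEAD, OPTIONS and TRACE as outside both constraints and no transport guarantee on either; it does not diagnose the 400 response itself.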


