tomcat-users mailing list archives

From "Madere, Colin" <colin.mad...@ieminc.com>
Subject RE: problem in FORM authentication
Date Thu, 11 Sep 2003 20:20:35 GMT
Ok, there is probably an issue with having your login pages not in the
webapp they are used for.  Move them into the app directory they are used
for and that might fix it.  There's a lot of goofiness in this area and
unfortunately no clean way to share login/logout pages amongst multiple
webapps.

-----Original Message-----
From: Fabio Bazzani [mailto:siemfabio@grisnet.it] 
Sent: Thursday, September 11, 2003 4:07 PM
To: Tomcat Users List
Subject: Re: problem in FORM authentication


These are my steps:

1) I just call index.jsp
2) click on my link (/prenotazione/index.jsp)
3) Tomcat gives me logIn.jsp
4) I correctly authenticate (I saw in catalina_log.yyyy-mm-dd.txt)
5) The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


-----------------------------------------------------------------------
....
webapps/index.jsp  <-- where I call /prenotazione/index.jsp
webapps/prenotazione/index.jsp
webapps/logIn/logIn.jsp
webapps/logIn/logIn-error.jsp
....
--------------------------------------------------------------------------
 From server.xml :

....
....
<Host name="localhost" debug="0" appBase="webapps"
       unpackWARs="true" autoDeploy="true">

        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
                   debug="0"/>
        -->

       <!--
        <Valve className="org.apache.catalina.valves.AccessLogValve"
                 directory="logs"  prefix="localhost_access_log." suffix=".txt"
                 pattern="common" resolveHosts="false"/>
        -->

        <Logger className="org.apache.catalina.logger.FileLogger"
                 directory="logs"  prefix="localhost_log." suffix=".txt"
            timestamp="true"/>


        <!-- Tomcat Root Context -->
        <!--
          <Context path="" docBase="ROOT" debug="0"/>
        -->

  <!-- context added for Web CUP project -->

  <Context path="/webcup"
     docBase="C:\Projects\WEBCUP\WebCup-app\webapps"
           debug="0"
           reloadable="true"
           crossContext="true">

    <Logger className="org.apache.catalina.logger.FileLogger"
            prefix="localhost_webcup_log."
            suffix=".txt"
            timestamp="true"/>

    <Resource name="jdbc/webcup"
              auth="Container"
              type="javax.sql.DataSource"/>

    <ResourceParams name="jdbc/webcup">
      <parameter>
        <name>factory</name>
        <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
      </parameter>

      <!-- Maximum number of dB connections in pool. Make sure you
           configure your mysqld max_connections large enough to handle
           all of your db connections. Set to 0 for no limit.
           -->
      <parameter>
        <name>maxActive</name>
        <value>100</value>
      </parameter>

      <!-- Maximum number of idle dB connections to retain in pool.
           Set to 0 for no limit.
           -->
      <parameter>
        <name>maxIdle</name>
        <value>30</value>
      </parameter>

      <!-- Maximum time to wait for a dB connection to become available
           in ms, in this example 10 seconds. An Exception is thrown if
           this timeout is exceeded.  Set to -1 to wait indefinitely.
           -->
      <parameter>
        <name>maxWait</name>
        <value>10000</value>
      </parameter>

      <!-- MySQL dB username and password for dB connections  -->
      <parameter>
       <name>username</name>
       <value>admin</value>
      </parameter>
      <parameter>
       <name>password</name>
       <value>mysql</value>
      </parameter>

      <!-- Class name for mm.mysql JDBC driver -->
      <parameter>
         <name>driverClassName</name>
         <value>org.gjt.mm.mysql.Driver</value>
      </parameter>

      <!-- The JDBC connection url for connecting to your MySQL dB.
           The autoReconnect=true argument to the url makes sure that the
           mm.mysql JDBC Driver will automatically reconnect if mysqld
           closed the connection.  mysqld by default closes idle
           connections after 8 hours.
           -->
      <parameter>
        <name>url</name>
        <value>jdbc:mysql://localhost:3306/webcup?autoReconnect=true</value>
      </parameter>
    </ResourceParams>
  </Context>
</Host>

--------------------------------------------------------------------------
from web.xml :


    ......
  <security-constraint>
       <web-resource-collection>
            <web-resource-name>Web CUP: pagina di prenotazione e registrazione</web-resource-name>
            <url-pattern>/prenotazione/*</url-pattern>
            <url-pattern>/disponibilita/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
           <role-name>patient</role-name>
           <role-name>doctor</role-name>
     </auth-constraint>
  </security-constraint>

  <security-constraint>
        <web-resource-collection>
            <web-resource-name>Web CUP: pagina di accettazione visita da parte dei dottori</web-resource-name>
            <url-pattern>/dottori/*</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>doctor</role-name>
        </auth-constraint>
  </security-constraint>

  <!-- Security constraints END -->

  <login-config>
       <auth-method>FORM</auth-method>
           <form-login-config>
                <form-login-page>/logIn/logIn.jsp</form-login-page>
                <form-error-page>/logIn/logIn-error.jsp</form-error-page>
           </form-login-config>
  </login-config>

  <security-role>
       <description>doctor role</description>
       <role-name>doctor</role-name>
  </security-role>

  <security-role>
       <description>patient role</description>
       <role-name>patient</role-name>
  </security-role>

.....

--------------------------------------------------------------------------





----- Original Message -----
From: "Madere, Colin" <colin.madere@ieminc.com>
To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
Sent: Thursday, September 11, 2003 9:36 PM
Subject: RE: problem in FORM authentication


> If searching the archives of this list doesn't help, try posting a
> trimmed down version of your server.xml (probably just the <host> or
> even just your relevant <Context> tag if you have one) and your auth
> setup from your web.xml and the structure of your web-app (in case it
> is non-standard which may cause problems).


> But you are saying after you get this error page you are authenticated 
> and can access the protected area?

YES


>
> -----Original Message-----
> From: Fabio Bazzani [mailto:siemfabio@grisnet.it]
> Sent: Thursday, September 11, 2003 3:17 PM
> To: Tomcat Users List
> Subject: problem in FORM authentication
>
>
> I'm using tomcat 4.1.27.
>
> I authenticate with FORM login and I get 400 error:
>
> The request sent by the client was syntactically incorrect (Invalid 
> direct reference to form login page).
>
> when I try to get a page with security constraints Tomcat shows me the
> login page (action = "j_security_check" , etc....). I authenticate but
> Tomcat gives me 400 error code.
>
> where to find the error ?
>
> From %CATALINA_HOME%\logs\catalina_log.yyyy-mm-dd.txt  user results to 
> be authenticated correctly but it doesn't show me the page I 
> requested.
>
> what about j_security_check ??
>
> Please, help me.
>
> FB.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
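
The paths in `<form-login-page>` and `<form-error-page>` are relative to the root of the webapp whose web.xml declares them, which is why the reply asks whether the login pages sit inside that app. The following check is an added example, not code from the thread or from Tomcat: it reads the posted `login-config` and reports any login page that is missing from, or resolves outside of, a given docBase. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# login-config from the thread's web.xml, wrapped in <web-app> so it parses alone
WEB_XML = """<web-app><login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/logIn/logIn.jsp</form-login-page>
    <form-error-page>/logIn/logIn-error.jsp</form-error-page>
  </form-login-config>
</login-config></web-app>"""

def check_form_login(web_xml_text, doc_base):
    """Return problems found with the FORM login pages of one webapp."""
    root = ET.fromstring(web_xml_text)
    # Key on the local tag name so namespaced descriptors also work.
    values = {el.tag.rsplit("}", 1)[-1]: (el.text or "").strip() for el in root.iter()}
    if values.get("auth-method") != "FORM":
        return ["auth-method is not FORM"]
    problems = []
    base = os.path.realpath(doc_base)
    for tag in ("form-login-page", "form-error-page"):
        page = values.get(tag, "")
        target = os.path.realpath(os.path.join(base, page.lstrip("/")))
        if not page.startswith("/"):
            problems.append(f"{tag}: {page!r} is not a context-relative path")
        elif os.path.commonpath([base, target]) != base:
            problems.append(f"{tag}: {page} resolves outside docBase")
        elif not os.path.isfile(target):
            problems.append(f"{tag}: {page} not found under docBase")
    return problems

def demo():
    """Constructed layouts: login pages beside the webapp, then inside it."""
    with tempfile.TemporaryDirectory() as tmp:
        app = os.path.join(tmp, "webcup")            # hypothetical docBase
        os.makedirs(app)
        os.makedirs(os.path.join(tmp, "logIn"))      # sibling directory, outside the app
        before = check_form_login(WEB_XML, app)
        os.makedirs(os.path.join(app, "logIn"))
        for name in ("logIn.jsp", "logIn-error.jsp"):
            open(os.path.join(app, "logIn", name), "w").close()
        after = check_form_login(WEB_XML, app)
    return before, after

if __name__ == "__main__":
    print(demo())
```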


