tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: TC5 ssl form-based authentication & mozilla
Date Wed, 15 Oct 2003 08:56:21 GMT
On 10/15/2003 10:32 AM Remy Maucherat wrote:
>> With this security:
>>
>>     <web-resource-collection>
>>       <web-resource-name>SSL 4 Login</web-resource-name>
>>       <url-pattern>/login.do</url-pattern>
>>     </web-resource-collection>
>>     <auth-constraint>
>>       <role-name>user</role-name>
>>       <role-name>admin</role-name>
>>     </auth-constraint>
>>     <user-data-constraint>
>>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>     </user-data-constraint>
>>
>> when I try to login to my login.do mapping, in mozilla I get repeated 
>> login requests from tomcat. The first time twice only, the 2nd time 5 
>> times, 3rd time 10 times etc etc.
>>
>> I can see from my logging that the realm login is successful, but 
>> tomcat keeps giving the login page as stated.
>>
>> This does not happen in IE6 or lynx, in which the login works as normal.
>>
>> Has anybody else experienced this?
> 
> 
> Did you get correctly switched to SSL mode ?
> 

Yes. I have reduced the webapp to a minimum and bundled it in a war at 
http://www.cyberspaceroad.com/test.war (right click it & "save target 
as...") if you want to see what I'm doing. It contains the struts.jar 
and is therefore 0.85MB. If you don't have broadband I can bundle it 
without the jars too.

Sometimes the ssl form-based authentication loops on the login page, and 
sometimes it gives the "invalid direct reference" error.

As mentioned above, the non-SSL normal form-based login works fine.

In IE6 it works fine too.

Rgds
Adam

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message