tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Crosbie <jer...@crosbie.us>
Subject Re: Using Authentication/Authorization
Date Tue, 15 Nov 2005 21:11:43 GMT
Can you supply the relevant sections of your web.xml? I am using FORM-based
authentication--tested with both the Memory and JAAS realms--but maybe this
will give you some hints:

...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>home page</web-resource-name>
    <url-pattern>/index.jsp</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/loginError.jsp</form-login-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>myrole</role-name>
</security-role>
...


On 11/15/05 1:49 PM, "Jess" <jryan@ece.unm.edu> wrote:

> Hiya,
> 
> I am using Tomcat and Apache to host a simple website.  I need to
> have some security on the site.  At least to start with.  Eventually
> I need to have security, period.  :)  So, following the documentation
> and several walk-thrus from many sources, I cannot get tomcat to
> cooperate.  I am running Mac OS X 10.4.3 and am using Java 1.5.0,
> apache 1.3, and tomcat 5.5.12 and am connecting apache and tomcat
> with the ajp13 connector (using mod_jk version 1.2.14).  At this
> point, I'm think I'm bypassing Apache/JKconnectors and going straight
> to the webapp via port 8080...
> 
> When I set up the web.xml file for using, say, basic security, and
> then attempt to access the constrained resources, tomcat gives me the
> error that the requested resource is not availabe.  When I remove all
> attempts (in the web.xml file) at security, I can access the resource
> just fine.  I tried using the UserDatabase realm and also the
> MemoryRealm, but to no avail either way.
> 
> Next, when I go to the default tomcat page, http://localhost:8080,
> and try to go to the Administrator section, it asks for my login and
> password.  (I've configured the tomcat-users.xml file to add an admin
> and manager role to one of the users and restarted the server.)  But
> when I attempt to log in, I get the error: "The requested resource (/
> admin/j_security_check) is not available."  I know j_security_check
> is the action you enter for a form authentication, but this is what
> came with tomcat.. nothing of my creation, so I don't think I'm the
> problem.  This link worked on my tomcat version 5.0.  I upgraded
> today and now it doesn't work... so now seeings how I can't seem to
> get security running on my webapp and I can't log in to the
> administration section of the server, I'm wondering if there is some
> funk going on out of my scope.  I downloaded the binaries for mac..
> maybe something is wrong?  If anyone has any idea, please let me
> know.. I am at a total loss.
> 
> Thankyou,
> Jess Ryan
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message