tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Wallace <jwall...@anode.com>
Subject can't get parameter when security is on
Date Mon, 01 May 2006 21:55:20 GMT
  I am having problems getting a parameter from my web form when I have 
security turned on for a servlet running in Tomcat 5.5.15.  Here is the 
code:


My Tomcat's server.xml file has this defined:
    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

...and...

    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />

Note:  I did not change anything in the server.xml file other than 
uncomment the sections above.

Now in my web.xml deployment descriptor I have defined:

   <security-constraint>
      <web-resource-collection>
         <web-resource-name>ParameterTest</web-resource-name>
            <url-pattern>/parameter_test</url-pattern>
         </web-resource-collection>

         <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
   </security-constraint>

   <servlet>
      <servlet-name>Parameter Test</servlet-name>
      <servlet-class>ParameterTest</servlet-class>
   </servlet>

   <servlet-mapping>
      <servlet-name>Parameter Test</servlet-name>
      <url-pattern>/parameter_test</url-pattern>
   </servlet-mapping>


I have a simple web form:

<html>
   <head>
      <title>Parameter Test</title>
   </head>
   <body>
      <center>Parameter Test
      <br>
      <br>
      <form action="parameter_test" method="post">
         Please enter your parameter: <input type="text" name="my_parameter">
         <br>
         <br>
         <input type="submit" value="Ok"/>
      </form>
      </center>
   </body>
</html>



Finally in my code (ParameterTest.java) I have:

   public void doPost (HttpServletRequest request, HttpServletResponse 
response) throws IOException {
      PrintWriter out = response.getWriter();
 
      String the_parameter = request.getParameter("my_parameter");
      out.println("my_parameter = "+the_parameter);

      out.println("parameter names:");
      for (Enumeration e = request.getParameterNames() ; 
e.hasMoreElements() ;) {
         out.println("parameter: "+e.nextElement());
     }
}

If the  security-constraint section IS defined in my web.xml deployment 
descriptor, output in my web browser is:

my_parameter = null
parameter names:

Now if I take the security-constraint section out of my web.xml file I 
get the following output in my web browser:

my_parameter = 43625
parameter names:
parameter: my_parameter

So my code works just fine /without/ the security-constraint defined.

My question is this:  What do I need to do to get the parameter to be 
passed to my ParameterTest servlet with the security-constraint 
defined?  I need security to work here.

Thanks,

-- 
John Wallace | Java / Web Developer
jwallace@anode.com http://anode.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message