tomcat-users mailing list archives

From David Delbecq <de...@oma.be>
Subject Re: Access to error page denied in Firefox 2.0
Date Tue, 23 Jan 2007 12:26:36 GMT
At the precise moment of 01/22/07 17:05, Marcel Frehner expressed himself in these
terms:
> Thank you for your answer David. My conclusion would be to move my
> protected resources to a separate folder and adjust my web.xml
> accordingly. Of course you were absolutely right about the 403 status.
> My Firefox had an existing but not authorised user stored and I kept
> testing with that one.
>
> And instead of a link from the error.html back to the login.html, I
> would either add a login form to the error page or link to a page that
> needs authentication and causes Tomcat to return the login form again,
> wouldn't I?
Add a link on the error page back to an area needing authentication, so
Tomcat shows the login again.
>
> I think I understand that now, thanks!
> Marcel
>
> At 16:29 22.01.2007 +0100, you wrote:
>> I see several potential problems as a side note before the core
>> problem...
>> First, you map your security constraint to /*, that means *nothing* in
>> your webapp will be accessible prior to login, this includes
>> pictures, css.
>> Second, be aware to never access login.html directly, it should be
>> Tomcat that sends the content of login.html to the user upon needing
>> authentication. To make your test, for example, direct your browser to
>> /index.html (yes, authentication takes place even if the file does not
>> exist :p). Take this into account when adding a 'link' to the login form in
>> your error document.
>>
>> Now, core of problem. Tomcat sends an error 403 header along with the
>> content of your error page. This happens when your credentials have been
>> accepted, you are authenticated, but you don't have the required
>> access right. (common example: you are a 'user' but not an 'admin', you
>> try to access the admin panel, Tomcat will refuse you, but not present
>> you the authentication form because you are already identified)
>>
>>
>> At the precise moment of 01/22/07 16:11, Marcel Frehner expressed himself in these
>> terms:
>> > I'm trying to set up form-based authentication in a JSF Application on
>> > Tomcat 5.5.4. I've got a login page, a welcome page and an error page.
>> > On entering the right username and password I get redirected to
>> > welcome.jsp. On entering the wrong credentials IE displays my custom
>> > error.html with a link back to login.html where I can try with the
>> > right password again. So far so good.
>> >
>> > Firefox 2.0, however, displays "HTTP Status 403 - Access to the
>> > requested resource has been denied" if the wrong credentials are
>> > entered. I can't get back to the login page anymore, even with the
>> > back button in the browser. Logging in with the correct credentials
>> > works as expected.
>> >
>> > I understand that Tomcat forwards control to the error page configured
>> > in web.xml if authentication fails. I can't see any browser dependency
>> > here. Or does it do a redirect, i.e. go back to the browser first?
>> >
>> > When setting up the application I followed Sun's Java 5 EE Tutorial
>> > (Chapter 30: Securing Web Applications) leaving out the mapping of
>> > roles to user groups as I haven't got any server groups.
>> >
>> > The settings in the Tomcat admin application, which works fine, seem
>> > to be equivalent to mine although hard to compare as it is Struts and
>> > mine is JSF.
>> >
>> > I've got an index.jsp file which takes me into the faces context.
>> > Could that cause problems?
>> >
>> > Help is appreciated very much.
>> > Marcel
>> >
>> >
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <web-app id="WebApp_ID" version="2.4"
>> >     xmlns="http://java.sun.com/xml/ns/j2ee"
>> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>> >     http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>> >   <display-name>sec24</display-name>
>> >   <servlet>
>> >     <servlet-name>Faces Servlet</servlet-name>
>> >     <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
>> >     <load-on-startup>1</load-on-startup>
>> >     <security-role-ref>
>> >       <role-name>loginUser</role-name>
>> >       <role-link>loginUser</role-link>
>> >     </security-role-ref>
>> >   </servlet>
>> >   <servlet-mapping>
>> >     <servlet-name>Faces Servlet</servlet-name>
>> >     <url-pattern>*.faces</url-pattern>
>> >   </servlet-mapping>
>> >   <welcome-file-list>
>> >     <welcome-file>index.jsp</welcome-file>
>> >   </welcome-file-list>
>> >   <security-constraint>
>> >     <display-name>SecurityConstraint</display-name>
>> >     <web-resource-collection>
>> >       <web-resource-name>WRCollection</web-resource-name>
>> >       <url-pattern>/*</url-pattern>
>> >     </web-resource-collection>
>> >     <auth-constraint>
>> >       <role-name>loginUser</role-name>
>> >     </auth-constraint>
>> >   </security-constraint>
>> >
>> >   <login-config>
>> >     <auth-method>FORM</auth-method>
>> >     <realm-name>security</realm-name>
>> >     <form-login-config>
>> >       <form-login-page>/login.html</form-login-page>
>> >       <form-error-page>/error.html</form-error-page>
>> >     </form-login-config>
>> >   </login-config>
>> >   <security-role>
>> >     <role-name>loginUser</role-name>
>> >   </security-role>
>> > </web-app>
>> >
>> >
>> >
>> >
>> > --
>> > dipl. geogr. Marcel Frehner
>> > Wissenschaftlicher Mitarbeiter
>> > Eidgenössische Forschungsanstalt für Wald, Schnee und Landschaft WSL
>> > Abteilung Landschaftsinventuren
>> > Zürcherstrasse 111
>> > 8903 Birmensdorf
>> >
>> > Tel. +41-44-739 26 83
>> > marcel.frehner@wsl.ch
>> > http://www.wsl.ch
>> >
>> > ----------------------------
>> >
>> >
>> > ---------------------------------------------------------------------
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
>> >


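
Added example, not part of the original thread and not the poster's final configuration: the security sections of the quoted web.xml with the constraint narrowed from /* to a separate folder, as discussed above, plus a custom page for the 403 case. The folder name /protected/ and the page /denied.html are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <!-- servlet, servlet-mapping and welcome-file-list: unchanged from the
       quoted descriptor, omitted here -->

  <!-- Before: <url-pattern>/*</url-pattern> put every resource, including
       images and CSS, behind the login.
       After: only the folder holding the protected pages is constrained.
       "/protected/" is an assumed folder name. -->
  <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>WRCollection</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>loginUser</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>security</realm-name>
    <form-login-config>
      <!-- Served by the container when an unauthenticated request hits
           /protected/*; not meant to be opened directly. -->
      <form-login-page>/login.html</form-login-page>
      <!-- Shown on bad credentials; its "try again" link should point at
           a URL under /protected/ so the container presents the login form. -->
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Authenticated user without the loginUser role: the container answers
       403 instead of the login form. "/denied.html" is an assumed page. -->
  <error-page>
    <error-code>403</error-code>
    <location>/denied.html</location>
  </error-page>

  <security-role>
    <role-name>loginUser</role-name>
  </security-role>
</web-app>
```

Keep login.html, error.html, denied.html and any static assets they use outside the constrained folder so they can be served before login.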

