tomcat-users mailing list archives

From Marcel Frehner <marcel.freh...@wsl.ch>
Subject Re: Access to error page denied in Firefox 2.0
Date Mon, 22 Jan 2007 16:05:23 GMT
Thank you for your answer David. My conclusion would be to move my 
protected resources to a separate folder and adjust my web.xml accordingly. 
Of course you were absolutely right about the 403 status. My Firefox had an 
existing but not authorised user stored and I kept testing with that one.

And instead of a link from the error.html back to the login.html, I would 
either add a login form to the error page or link to a page that needs 
authentication and causes Tomcat to return the login form again, wouldn't I?

I think I understand that now, thanks!
Marcel

At 16:29 22.01.2007 +0100, you wrote:
>I see several potential problems as a side note before the core problem...
>First, you map your security constraint to /*, that means *nothing* in
>your webapp will be accessible prior to login, this includes pictures, css.
>Second, be aware to never access login.html directly, it should be
>Tomcat that sends the content of login.html to the user upon needing
>authentication. To make your test, for example, direct your browser to
>/index.html (yes, authentication takes place even if the file does not
>exist :p). Take this into account when adding a 'link' to the login form in
>your error document.
>
>Now, core of problem. Tomcat sends an error 403 header along with the
>content of your error page. This happens when your credentials have been
>accepted, you are authenticated, but you don't have the required
>access right. (Common example: you are a 'user' but not an 'admin', you
>try to access the admin panel, Tomcat will refuse you, but not present
>you the authentication form because you are already identified.)
>
>
>At the precise moment of 01/22/07 16:11, Marcel Frehner expressed himself in these
>terms:
> > I'm trying to set up form-based authentication in a JSF Application on
> > Tomcat 5.5.4. I've got a login page, a welcome page and an error page.
> > On entering the right username and password I get redirected to
> > welcome.jsp. On entering the wrong credentials IE displays my custom
> > error.html with a link back to login.html where I can try with the
> > right password again. So far so good.
> >
> > Firefox 2.0, however, displays "HTTP Status 403 - Access to the
> > requested resource has been denied" if the wrong credentials are
> > entered. I can't get back to the login page anymore, even with the
> > back button in the browser. Logging in with the correct credentials
> > works as expected.
> >
> > I understand that Tomcat forwards control to the error page configured
> > in web.xml if authentication fails. I can't see any browser dependency
> > here. Or does it do a redirect, i.e. go back to the browser first?
> >
> > When setting up the application I followed Sun's Java 5 EE Tutorial
> > (Chapter 30: Securing Web Applications) leaving out the mapping of
> > roles to user groups as I haven't got any server groups.
> >
> > The settings in the Tomcat admin application, which works fine, seem
> > to be equivalent to mine although hard to compare as it is Struts and
> > mine is JSF.
> >
> > I've got an index.jsp file which takes me into the faces context.
> > Could that cause problems?
> >
> > Help is appreciated very much.
> > Marcel
> >
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <web-app id="WebApp_ID" version="2.4"
> >     xmlns="http://java.sun.com/xml/ns/j2ee"
> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> >     http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
> >   <display-name>sec24</display-name>
> >   <servlet>
> >     <servlet-name>Faces Servlet</servlet-name>
> >     <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
> >     <load-on-startup>1</load-on-startup>
> >     <security-role-ref>
> >       <role-name>loginUser</role-name>
> >       <role-link>loginUser</role-link>
> >     </security-role-ref>
> >   </servlet>
> >   <servlet-mapping>
> >     <servlet-name>Faces Servlet</servlet-name>
> >     <url-pattern>*.faces</url-pattern>
> >   </servlet-mapping>
> >   <welcome-file-list>
> >     <welcome-file>index.jsp</welcome-file>
> >   </welcome-file-list>
> >   <security-constraint>
> >     <display-name>SecurityConstraint</display-name>
> >     <web-resource-collection>
> >       <web-resource-name>WRCollection</web-resource-name>
> >       <url-pattern>/*</url-pattern>
> >     </web-resource-collection>
> >     <auth-constraint>
> >       <role-name>loginUser</role-name>
> >     </auth-constraint>
> >   </security-constraint>
> >
> >   <login-config>
> >     <auth-method>FORM</auth-method>
> >     <realm-name>security</realm-name>
> >     <form-login-config>
> >       <form-login-page>/login.html</form-login-page>
> >       <form-error-page>/error.html</form-error-page>
> >     </form-login-config>
> >   </login-config>
> >   <security-role>
> >     <role-name>loginUser</role-name>
> >   </security-role>
> > </web-app>
> >
> >
> >
> >
> > --
> > dipl. geogr. Marcel Frehner
> > Wissenschaftlicher Mitarbeiter
> > Eidgenössische Forschungsanstalt für Wald, Schnee und Landschaft WSL
> > Abteilung Landschaftsinventuren
> > Zürcherstrasse 111
> > 8903 Birmensdorf
> >
> > Tel. +41-44-739 26 83
> > marcel.frehner@wsl.ch
> > http://www.wsl.ch
> >
> > ----------------------------
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >




--
dipl. geogr. Marcel Frehner
Wissenschaftlicher Mitarbeiter
Eidgenössische Forschungsanstalt für Wald, Schnee und Landschaft WSL
Abteilung Landschaftsinventuren
Zürcherstrasse 111
8903 Birmensdorf

Tel. +41-44-739 26 83
marcel.frehner@wsl.ch
http://www.wsl.ch

----------------------------
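
The restructuring discussed in this thread, as an added example that is not part of the original messages: the constraint from the posted web.xml narrowed from /* to a separate folder, so that login.html, error.html and the images and CSS they use stay reachable before login. The folder name /secure/ is an assumption; everything else is taken from the posted file.

```xml
<!-- Added example, not from the thread. /secure/ is a hypothetical folder. -->

<!-- Before, as posted: every URL in the webapp requires loginUser,
     including the pictures and CSS used by login.html and error.html.
<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>WRCollection</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>loginUser</role-name>
  </auth-constraint>
</security-constraint>
-->

<!-- After: only resources under the protected folder are constrained.
     With the *.faces servlet mapping, /secure/welcome.faces and the
     underlying /secure/welcome.jsp both match this pattern. -->
<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>WRCollection</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>loginUser</role-name>
  </auth-constraint>
</security-constraint>

<!-- Unchanged: Tomcat sends login.html itself when an unauthenticated
     request hits /secure/*; the browser never requests it directly. -->
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>security</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.html</form-error-page>
  </form-login-config>
</login-config>
```

With this layout, the retry link in error.html would point at a protected URL such as secure/welcome.faces (an assumed page name) instead of login.html. A user who is authenticated but lacks the loginUser role still receives the 403 there, as explained in the quoted reply.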

