tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank McCown <fmcc...@cs.odu.edu>
Subject Help getting form-based authentication example working
Date Tue, 01 May 2007 18:37:37 GMT
Hello,

I'm having problems getting the form-based authentication example that 
ships with Tomcat 6 to work properly.

I have followed all the instructions at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

to make the form authentication example using MemoryRealm to work for

http://myserver:9090/examples/jsp/security/protected/

but when I access this URL, I get the protected page that says:

You are logged in as remote user null in session BLAH...
No user principal could be identified.

I understand that this page should redirect me to the login.jsp page 
instead where I can enter user1/test.


Here's what I did:

$CATALINA_HOME/conf/server.xml:

<Realm className="org.apache.catalina.realm.MemoryRealm" />


$CATALINA_HOME/conf/tomcat-users.xml:

<tomcat-users>
   <role rolename="tomcat"/>
   <role rolename="role1"/>
   <user username="user2" password="test" roles="role1"/>
   <user username="user1" password="test" roles="tomcat"/>
</tomcat-users>


$CATALINA_HOME/webapps/examples/WEB-INF/web.xml:

<security-constraint>
       <display-name>Example Security Constraint</display-name>
       <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
	 <!-- Define the context-relative URL(s) to be protected -->
          <url-pattern>/security/protected/*</url-pattern>
	 <!-- If you list http methods, only those methods are protected -->
	 <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
	 <http-method>PUT</http-method>
       </web-resource-collection>
       <auth-constraint>
          <!-- Anyone with one of the listed roles may access this area -->
          <role-name>tomcat</role-name>
	 <role-name>role1</role-name>
       </auth-constraint>
     </security-constraint>

     <!-- Default login configuration uses form-based authentication -->
     <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>Example Form-Based Authentication Area</realm-name>
       <form-login-config>
 
<form-login-page>/jsp/security/protected/login.jsp</form-login-page> 
   <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
       </form-login-config>
     </login-config>


Any help would be much appreciated.  I'm running Tomcat on a Solaris 
workstation and accessing it from my Windows client with Firefox.

Regards,
Frank

-- 
Frank McCown
Old Dominion University
http://www.cs.odu.edu/~fmccown/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message