tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frank McCown <fmcc...@cs.odu.edu>
Subject Form-based authentication example broken in Tomcat 6.0
Date Wed, 02 May 2007 14:41:57 GMT
I noticed the MemoryRealm / form-based authentication example in Tomcat 
6.0 is broken.  The example works just fine in Tomcat 5.5, but in the 
migration to 6.0, it got broken.  According to the doc at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

the app is supposed to be available at

http://localhost:8080/jsp-examples/security/protected/

but the URL is actually

http://localhost:8080/examples/jsp/security/protected/


The default contents of the conf/tomcat-users.xml file *should* be

<tomcat-users>
   <user name="tomcat" password="tomcat" roles="tomcat" />
   <user name="role1"  password="tomcat" roles="role1"  />
   <user name="both"   password="tomcat" roles="tomcat,role1" />
</tomcat-users>

but the file that ships with 6.0 is missing all the <user> tags.


And the server.xml file is missing the line:

<Realm className="org.apache.catalina.realm.MemoryRealm" />


Finally the web.xml file is using the wrong <url-pattern>.  It is set to

<url-pattern>/security/protected/*</url-pattern>

but should be

<url-pattern>/jsp/security/protected/*</url-pattern>

Making these changes will fix the example.  Hope someone working on 
Tomcat sees this post.

Regards,
Frank



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message