tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Rumppe <erum...@library.berkeley.edu>
Subject Authentication Issues
Date Tue, 26 Aug 2008 19:03:07 GMT
Hello All,

I am having a very difficult time using Tomcat authentication.  Here is 
the situation:

For right now I am using BASIC authentication.  There are 3 roles 
defined in the tomcat-users.xml file.  To access different areas of my 
application requires different levels of roles.  I want my users to be 
able to click on a link and if they don't meet the role requirement have 
the Authentication Requested login box pop-up so someone with the proper 
level of access can simply login right there and go to the requested 
screen.  Instead of this happening all I get is an HTTP error page 
saying  that the request resource is protected.  The user then has to 
close their browser and re-open it to log in as another user with a 
different role.  It would make sense to me that Tomcat has a way of 
handling this issue, but I can't for the life of me find it.  HELP!!!!

I have also tried to simply implement a logout function that removes the 
current session and (supposedly) deletes the persistent cookie and 
presents the user with a screen that has a link to a page that requires 
a login.  It should (IMHO) present them with the login box once they 
click the link since the session and cookie were removed, but it 
doesn't.  I've monitored the Tomcat sessions through the manager 
application and I know that the session is being removed for sure but it 
doesn't seem that the cookie is being removed.  Here is the code for the 
utility that removes the session and cookie:

package logic;

import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import javax.servlet.*;

public class CookieUtil extends HttpServlet
{
  protected void doGet(HttpServletRequest request,
            HttpServletResponse response)
            throws ServletException, IOException
  {
    HttpSession session = request.getSession();
    session.invalidate();

    Cookie[] cookies = request.getCookies();
    for (int i=0; i<cookies.length; i++)
    {
    Cookie cookie = cookies[i];
    cookie.setMaxAge(0); //delete the cookie
    }

    response.sendRedirect("loggedout.vm");
  }
}


I'm using Tomcat 6 with the VRaptor and Velocity frameworks. 

If anyone can help me with this it would be greatly appreciated!

Erik Rumppe
PAII
University of California, Berkeley - LSO

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message