tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Chester <dean.g.ches...@googlemail.com>
Subject Re: Keep having to login with container based authentaction.
Date Thu, 20 Aug 2009 11:36:04 GMT
Sorry about that.
Yes i have a index page in the restricted area that has links to other
restricted jsps. The Logs are not reporting anything. How do you mean encode
your urls? I haven't set a time out in the web.xml file so its using the
default. The time between clicks is usually about 1-2 seconds. Here is some
of my web.xml file:
<security-constraint>
        <web-resource-collection>
            <web-resource-name>users</web-resource-name>
            <url-pattern>/add/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login-error.jsp</form-error-page>
        </form-login-config>
    </login-config>

     <security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>user</role-name>
    </security-role>
I am using the default realm which i know works.
Dean

On Thu, Aug 20, 2009 at 12:19 PM, Pid <pid@pidster.com> wrote:

> On 20/08/2009 11:55, Dean Chester wrote:
>
>> Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i
>> mean once logged in i have to login again after clicking on a link in
>> the restricted area.
>> Dean
>>
>
> You don't need to reply-to-all, just to the list.  I'm obviously on the
> mailing list, so I'll get the message anyway - I don't need it twice.
>
>  /myapp/index.jsp
>  /myapp/secure/index.jsp
>  /myapp/secure/page2.jsp
>
> So you're logging into the secure area, and trying to view, e.g. page2.jsp
> from a link on the e.g. index.jsp page?
>
> Do the logs have any errors in them?
> If so, what are they?
>
> Are you encoding all of the URLs properly?
>
> How long between clicks?
>
> What is the session timeout in your web.xml?
>
> How have you defined the <security-constraint> in web.xml?
>
> Which Realm are you using?
>
> Perhaps you could post a little bit more information?
>
> p
>
>
>
>  On Thu, Aug 20, 2009 at 11:23 AM, Pid <pid@pidster.com
>> <mailto:pid@pidster.com>> wrote:
>>
>>    On 20/08/2009 10:40, Dean Chester wrote:
>>
>>        Hi,
>>        I've written my application using j_security_check yet i keep
>>        having to log
>>        in in the restricted area. Has anyone else experienced this?
>>
>>
>>    Yep. I have to log in each time I want to use our app - it's a side
>>    effect of implementing security.
>>
>>    Or is your question referring to a less vague and more specific issue?
>>
>>
>>
>>        Because it works with a small amount of JSPs and then when i
>>        implement it all in to my
>>        application it doesn't work.
>>
>>
>>    I might need to warm up my Internet Telepathy(tm) without some more
>>    information...
>>
>>
>>
>>        Where am i most likely going wrong?
>>
>>
>>    Not telling us your Tomcat version, JVM version, OS version...
>>
>>    p
>>
>>
>>        Thanks in advance
>>        Dean
>>
>>
>>
>>    ---------------------------------------------------------------------
>>    To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>    <mailto:users-unsubscribe@tomcat.apache.org>
>>    For additional commands, e-mail: users-help@tomcat.apache.org
>>    <mailto:users-help@tomcat.apache.org>
>>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message