tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Chester <dean.g.ches...@googlemail.com>
Subject Re: Keep having to login with container based authentaction.
Date Thu, 20 Aug 2009 11:40:22 GMT
By default realm i mean the one that is set up in the server.xml and it is a
JDBC Realm.
Dean

On Thu, Aug 20, 2009 at 12:36 PM, Dean Chester <
dean.g.chester@googlemail.com> wrote:

> Sorry about that.
> Yes i have a index page in the restricted area that has links to other
> restricted jsps. The Logs are not reporting anything. How do you mean encode
> your urls? I haven't set a time out in the web.xml file so its using the
> default. The time between clicks is usually about 1-2 seconds. Here is some
> of my web.xml file:
> <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>users</web-resource-name>
>             <url-pattern>/add/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>user</role-name>
>             <role-name>admin</role-name>
>         </auth-constraint>
>     </security-constraint>
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>admin</web-resource-name>
>             <url-pattern>/admin/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>admin</role-name>
>         </auth-constraint>
>     </security-constraint>
>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <form-login-config>
>             <form-login-page>/login.jsp</form-login-page>
>             <form-error-page>/login-error.jsp</form-error-page>
>         </form-login-config>
>     </login-config>
>
>      <security-role>
>         <role-name>admin</role-name>
>     </security-role>
>     <security-role>
>         <role-name>user</role-name>
>     </security-role>
> I am using the default realm which i know works.
> Dean
>
> On Thu, Aug 20, 2009 at 12:19 PM, Pid <pid@pidster.com> wrote:
>
>> On 20/08/2009 11:55, Dean Chester wrote:
>>
>>> Sorry Tomcat 6.20, Red Hat Enterprise edition 4 i think. java 1.6. And i
>>> mean once logged in i have to login again after clicking on a link in
>>> the restricted area.
>>> Dean
>>>
>>
>> You don't need to reply-to-all, just to the list.  I'm obviously on the
>> mailing list, so I'll get the message anyway - I don't need it twice.
>>
>>  /myapp/index.jsp
>>  /myapp/secure/index.jsp
>>  /myapp/secure/page2.jsp
>>
>> So you're logging into the secure area, and trying to view, e.g. page2.jsp
>> from a link on the e.g. index.jsp page?
>>
>> Do the logs have any errors in them?
>> If so, what are they?
>>
>> Are you encoding all of the URLs properly?
>>
>> How long between clicks?
>>
>> What is the session timeout in your web.xml?
>>
>> How have you defined the <security-constraint> in web.xml?
>>
>> Which Realm are you using?
>>
>> Perhaps you could post a little bit more information?
>>
>> p
>>
>>
>>
>>  On Thu, Aug 20, 2009 at 11:23 AM, Pid <pid@pidster.com
>>> <mailto:pid@pidster.com>> wrote:
>>>
>>>    On 20/08/2009 10:40, Dean Chester wrote:
>>>
>>>        Hi,
>>>        I've written my application using j_security_check yet i keep
>>>        having to log
>>>        in in the restricted area. Has anyone else experienced this?
>>>
>>>
>>>    Yep. I have to log in each time I want to use our app - it's a side
>>>    effect of implementing security.
>>>
>>>    Or is your question referring to a less vague and more specific issue?
>>>
>>>
>>>
>>>        Because it works with a small amount of JSPs and then when i
>>>        implement it all in to my
>>>        application it doesn't work.
>>>
>>>
>>>    I might need to warm up my Internet Telepathy(tm) without some more
>>>    information...
>>>
>>>
>>>
>>>        Where am i most likely going wrong?
>>>
>>>
>>>    Not telling us your Tomcat version, JVM version, OS version...
>>>
>>>    p
>>>
>>>
>>>        Thanks in advance
>>>        Dean
>>>
>>>
>>>
>>>    ---------------------------------------------------------------------
>>>    To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>    <mailto:users-unsubscribe@tomcat.apache.org>
>>>    For additional commands, e-mail: users-help@tomcat.apache.org
>>>    <mailto:users-help@tomcat.apache.org>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message