tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Tomcat 7 authentication error only with IE8 or IE7
Date Tue, 10 Aug 2010 15:08:08 GMT
2010/8/10 Eli Chernos <elic@treepodia.com>:
> Hi all,
>
> I have migrated a Tom Cat 6.0.14 server running on Windows 2003 server to a
> Windows 2008 server running Tom Cat 7.0.0.
> Every thing is running great except for when I try to access a restricted
> folder(password protected) configured with (POST method).
> When I try to access a restricted folder the login page is displayed like it
> should and when I enter the correct user name and password I'm forwarded to
> the requested page.
>
> The issue is that once I do this with ie8 or ie7 I receive a:
>
> HTTP Status 408 - The time allowed for the login process has been exceeded.
> If you wish to continue you must either click back twice and re-click the
> link you requested or close and re-open your browser
>
>
> and on the address bar the /j_security_check is displayed after the
> requested URL.
>
> I should note that it's definitely not a timeout issue, the setting is
> default (30) I believe.
> I copied the tomcat-users.xml and web.xml exactly as they where on the old
> machine, in addition when I try to access the same page with FireFox or
> Chrome or any other browser there is no problem at all
>
> The only clue I was able to find was in the logs, saying:
>
> Line 86: INFO: WARNING: Security role name ***** used in an
> <auth-constraint> without being defined in a <security-role>
>
> Any ideas guys?
> Any help would be really appreciated as I have no clue what might be the
> cause of this .
>
> --
> Thanks & Regards
> Eli C
>

No clue as well yet either, though

1. You may try with 7.0.2.

See "[VOTE] Release Apache Tomcat 7.0.2" thread on dev@ for a download link.

There was a bug with handling of a session cookie (49598) that is
already fixed. I think that it can cause such behaviour.


2. The product name is "Tomcat" or "Apache Tomcat".

Please spell it properly.
http://tomcat.apache.org/legal.html

3. The "HTTP Status 408" page is displayed by Tomcat? Is Tomcat
running standalone, or behind another web server?

4.
> Line 86: INFO: WARNING: Security role name ***** used in an
> <auth-constraint> without being defined in a <security-role>

You can fix the mentioned error, don't you?


Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message