tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin O'Shea" <app...@dsl.pipex.com>
Subject RE: Using multiple login pages
Date Wed, 05 Oct 2011 17:51:45 GMT
Maybe I've misunderstood something but I'm having a lot of trouble getting the login page to
display with the following:

<welcome-file-list>
        <welcome-file>/jsp/index/newjsp.jsp</welcome-file>
            </welcome-file-list>
    <!-- Error pages. -->
    <error-page>
        <error-code>403</error-code>
        <location>/jsp/error/error403.jsp</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/jsp/error/error404.jsp</location>
    </error-page>
    <error-page>
        <error-code>408</error-code>
        <location>/jsp/error/error408.jsp</location>
    </error-page>
    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/jsp/error/error500.jsp</location>
    </error-page>
    <!-- Accessibility. -->
    <security-constraint>
        <display-name>Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>myApp</web-resource-name>
            <description/>            
            <url-pattern>/*</url-pattern> 
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>ADMIN</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

<login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Form-Based Authentication Area</realm-name>
        <form-login-config>            
            <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
            <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
        </form-login-config>
    </login-config>
    
    <security-role>
        <description/>
        <role-name>ADMIN</role-name>
    </security-role>
    

All that newjsp.jsp in the welcome list contains is 'Hello World'. But running it in several
browsers, all I get is a warning about redirection. Other applications of mine using a single
log in page are fine. I can't see where this one is wrong.

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net] 
Sent: 05 Oct 2011 18 39
To: Tomcat Users List
Subject: Re: Using multiple login pages

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Martin,

On 10/5/2011 11:41 AM, Martin O'Shea wrote:
> This follows on from yesterday's discussion about whether in my 
> application, I can have more than one page with an embedded login form 
> or not.
> 
> I've been looking over the servlet spec (V2.2) and it seems that I 
> can't actually do this which is a shame.

Do what, have different login pages for different types of resources you're trying to reach?
Sure you can: try reading my responses.

> So I'm now looking at a more conventional log in from a login page.
> But can anyone explain to me why I don’t see my login page when I run 
> the application?
> 
> Login.jsp contains the following:

This isn't relevant if you're not seeing it.

> Which corresponds to the following in web.xml:
> 
> <welcome-file-list>
> <welcome-file>/jsp/about/concept.jsp</welcome-file>
> </welcome-file-list>
> 
> <security-constraint> <web-resource-collection> 
> <url-pattern>/aboutConcept</url-pattern>
> </web-resource-collection> <auth-constraint> <description/> 
> <role-name>ADMIN</role-name> </auth-constraint> </security-constraint

> >
> 
> <login-config> <form-login-config>
> <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
>
> 
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
> </form-login-config> </login-config>
> 
> But when I run the application, all I get is the html of the page 
> specified in the welcome file list?

Is that a question or a statement?

> But if I then invoke a link from the welcome file, I get the login 
> page. Surely it should be the other way around?

Your welcome file is not protected in any way, so you are not challenged for credentials.
If you want to login to see every page on your site, you should have <url-pattern>/*</url-pattern>
in your <web-resource-collection>.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6MlkYACgkQ9CaO5/Lv0PB3nQCfRf0g/erXaD2kOPyaBCMJW/h0
Ce0An0EbOElkSImGQYK8y+JkZdtcrIqL
=wbh5
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message