tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From C├ędric Couralet <cedric.coura...@gmail.com>
Subject Re: Form Authentication
Date Thu, 18 Apr 2013 18:16:00 GMT
Hello,

Without knowing how are your security-constraint, and where are the
css file, I don't think anyone could help you.

Did you try as a last measure to force css file to pass through the
authentification, something as :
<security-constraint>
<web-resource-collection><url-pattern>*.css</url-pattern></web-resource-collection>
</security-constraint>

(probably not a valid security-constraint, just to give the idea)

I did this kind of thing for the favicon. We had a webapp entirely
protected by form authentication and on firefox after authentication
we were directed to the favicon.ico (when one existed). Firefox seems
to get the favicon after the first request even when the status is
401... So we had to add a special security-constraint for the favicon
for our application to work correctly and correct that firefox
behavior (I want to say bug, but I'm sure there is a very good
explanation for this :).



2013/4/18 Barbara Newton <barbara.newton@gmail.com>:
> This is driving me crazy!  I have configured from authentication in my
> web.xml with a number of security constraints.  None of the constraints map
> to any CSS files.  However, when I bring up the application the CSS files
> are hitting the authentication.  Since my form has styling this is a
> problem of the chicken-and-egg sort since the CSS files are not
> authenticated yet.
>
> On top of that, when I do successfully authenticate, the CSS file is the
> one that has been saved by the authenticator and is the one that is
> returned so the browser just brings up the raw CSS file.
>
> Any thoughts?  Ideas?
>
> =========================================================
> The major difference between a thing that might go wrong and a thing that
> cannot possibly go wrong is that when a thing that cannot possibly go wrong
> goes wrong it usually turns out to be impossible to get at or repair
>                                                    ---* Douglas Adams*

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message