tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Barbara Newton <barbara.new...@gmail.com>
Subject Re: Form Authentication
Date Thu, 18 Apr 2013 18:17:45 GMT
Thank you for your reply.  I figured it out...someone had put a security
constrain on "/" which meant everything ended up passing through the form
authenticator.  Once I removed the constraint everything started working.
 So yay for me.


=========================================================
The major difference between a thing that might go wrong and a thing that
cannot possibly go wrong is that when a thing that cannot possibly go wrong
goes wrong it usually turns out to be impossible to get at or repair
                                                   ---* Douglas Adams*


On Thu, Apr 18, 2013 at 11:16 AM, C├ędric Couralet <cedric.couralet@gmail.com
> wrote:

> Hello,
>
> Without knowing how are your security-constraint, and where are the
> css file, I don't think anyone could help you.
>
> Did you try as a last measure to force css file to pass through the
> authentification, something as :
> <security-constraint>
>
> <web-resource-collection><url-pattern>*.css</url-pattern></web-resource-collection>
> </security-constraint>
>
> (probably not a valid security-constraint, just to give the idea)
>
> I did this kind of thing for the favicon. We had a webapp entirely
> protected by form authentication and on firefox after authentication
> we were directed to the favicon.ico (when one existed). Firefox seems
> to get the favicon after the first request even when the status is
> 401... So we had to add a special security-constraint for the favicon
> for our application to work correctly and correct that firefox
> behavior (I want to say bug, but I'm sure there is a very good
> explanation for this :).
>
>
>
> 2013/4/18 Barbara Newton <barbara.newton@gmail.com>:
> > This is driving me crazy!  I have configured from authentication in my
> > web.xml with a number of security constraints.  None of the constraints
> map
> > to any CSS files.  However, when I bring up the application the CSS files
> > are hitting the authentication.  Since my form has styling this is a
> > problem of the chicken-and-egg sort since the CSS files are not
> > authenticated yet.
> >
> > On top of that, when I do successfully authenticate, the CSS file is the
> > one that has been saved by the authenticator and is the one that is
> > returned so the browser just brings up the raw CSS file.
> >
> > Any thoughts?  Ideas?
> >
> > =========================================================
> > The major difference between a thing that might go wrong and a thing that
> > cannot possibly go wrong is that when a thing that cannot possibly go
> wrong
> > goes wrong it usually turns out to be impossible to get at or repair
> >                                                    ---* Douglas Adams*
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message