Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #22506 > unrolled thread

Java Application

Started byScott <sumphrey@socket.com>
First post2013-02-25 08:49 -0800
Last post2013-02-25 21:52 -0500
Articles 3 — 3 participants

Back to article view | Back to comp.lang.java.programmer

Contents

  Java Application Scott <sumphrey@socket.com> - 2013-02-25 08:49 -0800
    Re: Java Application lipska the kat <"nospam at neversurrender dot co dot uk"> - 2013-02-25 17:22 +0000
    Re: Java Application Arne Vajhøj <arne@vajhoej.dk> - 2013-02-25 21:52 -0500

#22506 — Java Application

FromScott <sumphrey@socket.com>
Date2013-02-25 08:49 -0800
SubjectJava Application
Message-ID<32f5921b-5228-4cca-9552-0445d75f1ac0@googlegroups.com>
I am trying to create a web application called hotdotcom. It is an example from Hall’s Core Servlets and JavaServer Pages Volume 2: Advanced Technologies - Second Edition. It is found in Chapter 3: Declarative Security – 3.1 Form-Based Authentication.

The web application uses container-managed security: From-based. The web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a protected URL I receive the login form just fine, but when I fill it out I am always sent to my login-error.jsp page. I have added four users to Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)

I receive the following statement in the Tomcat log: 
2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
EmbededTomcat: Startup time 56
2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.Sec
ureRandom
2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
    "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

  <!-- Disable the invoker servlet -->
  <servlet>
    <servlet-name>NoInvoker</servlet-name>
	<servlet-class>coreservlets.NoInvokerServlet</servlet-class>
  </servlet>
  
  <servlet-mapping>
    <servlet-name>NoInvoker</servlet-name>
	<url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>

  <!-- If the URL (submitted by the client) gives a directory but no filename, try index.jsp first and 
       index.html second. If neither is found, the result is server specific (e.g., a directory listing). -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>
  
  <!-- Propect everyting within the "investing" directory -->
  <security-constraint>
    <web-resource-collection>
	  <web-resource-name>Investing</web-resource-name>
	  <url-pattern>/investing/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
	  <role-name>registered-user</role-name>
	  <role-name>administrator</role-name>	  
	</auth-constraint>
  </security-constraint>  
  
  <!-- Tell the server to use form-based authentication -->
  <login-config>
    <auth-method>FORM</auth-method>
	<form-login-config>
	  <form-login-page>/admin/login.jsp</form-login-page>
	  <form-error-page>/admin/login-error.jsp</form-error-page>
	</form-login-config>
  </login-config>  
  
    <!-- Declare security roles used in this application.-->
  <security-role>
    <role-name>administrator</role-name>	
  </security-role>
  <security-role>
    <role-name>registered-user</role-name>	
  </security-role>
   
</web-app>

tomcat-users.xml
<tomcat-users>  

<!-- 2/4/2013 SDU Added on 2/4/2013 -->
  <role rolename="registered-user" />
  <role rolename="administrator" />  
  
  <user name="john" password="nhoj" roles="registered-user" />
  <user name="jane" password="enaj" roles="registered-user" />
  <user name="juan" password="nauj" roles="administrator" />
  <user name="juana" password="anauj" roles="administrator,registered-user" />  
  
<!-- Original contents of tomcat-users.xml-->  

  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />
</tomcat-users>

[toc] | [next] | [standalone]

#22507

Fromlipska the kat <"nospam at neversurrender dot co dot uk">
Date2013-02-25 17:22 +0000
Message-ID<tNGdnVqEvsJpALbMnZ2dnUVZ8v2dnZ2d@bt.com>
In reply to#22506
On 25/02/13 16:49, Scott wrote:
> I am trying to create a web application called hotdotcom.

Were you aware that there is an excellent Tomcat users mailing list

If you don't get the help you need here you might try
the list.

More info from

http://tomcat.apache.org/lists.html#Apache_Tomcat_Mailing_Lists

lipska

-- 
Lipska the Kat©: Troll hunter, sandbox destroyer
and farscape dreamer of Aeryn Sun

[toc] | [prev] | [next] | [standalone]

#22516

FromArne Vajhøj <arne@vajhoej.dk>
Date2013-02-25 21:52 -0500
Message-ID<512c2368$0$287$14726298@news.sunsite.dk>
In reply to#22506
On 2/25/2013 11:49 AM, Scott wrote:
> I am trying to create a web application called hotdotcom. It is an
> example from Hall’s Core Servlets and JavaServer Pages Volume 2:
> Advanced Technologies - Second Edition. It is found in Chapter 3:
> Declarative Security – 3.1 Form-Based Authentication.
>
> The web application uses container-managed security: From-based. The
> web.xml is below. I am running Tomcat 3.3.1 on my PC. When I click a
> protected URL I receive the login form just fine, but when I fill it out
> I am always sent to my login-error.jsp page. I have added four users to
> Tomcat’s <install_dir>conf/tomcat-users.xml file. (Also below)
>
> I receive the following statement in the Tomcat log:
> 2013-02-25 08:30:22 - Http10Interceptor: Starting on 8080
> 2013-02-25 08:30:22 - Ajp12Interceptor: Starting on 8007
> 2013-02-25 08:30:22 - Ajp13Interceptor: Starting on 8009
> EmbededTomcat: Startup time 56
> 2013-02-25 08:31:46 - SessionIdGenerator: Created random class java.security.Sec
> ureRandom
> 2013-02-25 08:31:59 - Ctx(/hotdotcom) : From login without a session

You should have a lot more log in the two log files produced by Tomcat.

> tomcat-users.xml
> <tomcat-users>
>
> <!-- 2/4/2013 SDU Added on 2/4/2013 -->
>    <role rolename="registered-user" />
>    <role rolename="administrator" />
>
>    <user name="john" password="nhoj" roles="registered-user" />
>    <user name="jane" password="enaj" roles="registered-user" />
>    <user name="juan" password="nauj" roles="administrator" />
>    <user name="juana" password="anauj" roles="administrator,registered-user" />
>
> <!-- Original contents of tomcat-users.xml-->
>
>    <user name="tomcat" password="tomcat" roles="tomcat" />
>    <user name="role1"  password="tomcat" roles="role1"  />
>    <user name="both"   password="tomcat" roles="tomcat,role1" />
> </tomcat-users>

I am wondering whether the reference to two not defined
roles may cause problems.

Could you try fix that?

Arne

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.java.programmer

csiph-web