10 messages in org.apache.tomcat.usersRe: authorization using tomcat...| From | Sent On | Attachments |
|---|---|---|
| Padhu Vinirs | Oct 2, 2002 7:19 am | |
| Rick Fincher | Oct 2, 2002 7:39 am | |
| Craig R. McClanahan | Oct 2, 2002 9:07 am | |
| Mubaraka Arif | Oct 2, 2002 9:51 am | |
| Padhu Vinirs | Oct 2, 2002 10:58 am | |
| Padhu Vinirs | Oct 2, 2002 11:07 am | |
| Padhu Vinirs | Oct 2, 2002 11:18 am | |
| Rick Fincher | Oct 2, 2002 11:58 am | |
| Rick Fincher | Oct 2, 2002 12:02 pm | |
| Rick Fincher | Oct 2, 2002 12:10 pm |
| Subject: | Re: authorization using tomcat... | |
|---|---|---|
| From: | Padhu Vinirs (p.pa...@verizon.net) | |
| Date: | Oct 2, 2002 11:18:58 am | |
| List: | org.apache.tomcat.users | |
Now I am able to access the secure page through the login page. But even if I close the browser ( whcih i assume will close the session ), and restart it, I am able to access the secure page without going through the login page. Is there a place where I need to say that the login info should not be a permanent cookie but only session scope ???
Thanks
-- padhu
Rick Fincher wrote:
Hi Padu,
It looks like you have this set up OK. Do you have a memory realm set up in conf/web.xml as is required for this setup?
Also, since your transport guarantee is set up as confidential it is going to use SSL so you either have to use an HTTPS:// url or you have to have redirection turned on in port 80 (or whatever your HTTP port is) in conf/web.xml.
If your HTTPS port isn't 443 you'll have to have :8443 (if 8443 is the HTTPS port) in the url too.
Rick
----- Original Message ----- From: "Padhu Vinirs" <p.pa...@verizon.net> To: <tomc...@jakarta.apache.org> Sent: Wednesday, October 02, 2002 10:19 AM Subject: authorization using tomcat...
I am testing web resource form-based authentication. I have created a dummy jsp page "Details.jsp" and have created the following nodes in web.xml:
<security-constraint> <web-resource-collection> <web-resource-name>SecurePages</web-resource-name> <url-pattern>Details.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>EditUsers</role-name> </auth-constraint> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>Users who can edit</description> <role-name>EditUsers</role-name> </security-role>
I have created a "EditUsers" role in tomcat-users.xml.
But when I access "Details.jsp", I am redirected to the Netscape search page !!! I am able to access the login and error.jsp pages fine.
Any ideas ?