Many thanks Mark for all your valuable help. I have managed it working my
customization by extending the class GenericPrinicipal.
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, May 19, 2016 4:33 PM
To: Tomcat Users List
Subject: Re: BASIC authentication
customization
> point of view.
>
> Removing the default files'tomcat-users.txt' and 'tomcat-users.xsd' from
> \config, will it make any difference?
>
>
>
> Thanks in advance
>
>
>
> -----Original Message-
>
> Fro
: Wednesday, May 18, 2016 5:23 PM
To: Tomcat Users List
Subject: RE: BASIC authentication problem in tomcat8.0.33
This was typo in while writing mail. When I debug my customized code until it
is returning the principal everything seems to be good from customization point
of view.
Removing the default
fference?
Thanks in advance
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Wednesday, May 18, 2016 5:18 PM
To: Tomcat Users List
Subject: Re: BASIC authentication problem in tomcat8.0.33
On 18/05/2016 12:47, Mark Thomas wrote:
> On 18/05/2016 11:07, Venkata Reddy
On 18/05/2016 12:47, Mark Thomas wrote:
> On 18/05/2016 11:07, Venkata Reddy P wrote:
>> Hi,
>>
>> I have been using the "BASIC authentication" from the tomcat3.x onwards,
>> unfortunately after migrating to tomcat8.0.33 it is broken.
>
> BASIC auth works for me with a clean 8.0.33 install. There
On 18/05/2016 11:07, Venkata Reddy P wrote:
> Hi,
>
> I have been using the "BASIC authentication" from the tomcat3.x onwards,
> unfortunately after migrating to tomcat8.0.33 it is broken.
BASIC auth works for me with a clean 8.0.33 install. Therefore this
looks like a problem with your custom c
On 4/14/2016 7:45 AM, King Kenneth wrote:
> All,
>
> Please provide an example of how to set a web application to BASIC within the
> web.xml file.
>
> Thanks,
>
> Kenneth King Jr.
> Booz l Allen l Hamilton
> Office (202) 317-5593
> Cell (203) 450-7941
Please read the appropriate servlet specif
Have you already googled for "tomcat basic authentication"? Which of the
numerous instructions did you have problems with? What nature were they?
Am 14.04.2016 um 16:45 schrieb King Kenneth:
> All,
>
> Please provide an example of how to set a web application to BASIC within the
> web.xml file.
>
> I am sorry this code was in the web.xml NOT server.xml
>> From: Michela, Andrew J (LABOR) [mailto:andrew.mich...@labor.ny.gov]
>> Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20
>
>> I have that in the server.xml(see below) still no luck.
>&g
iginal Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Friday, February 17, 2012 11:07 AM
> To: Tomcat Users List
> Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20
>
>> From: Michela, Andrew J (LABOR) [mailto:andr
I am sorry this code was in the web.xml NOT server.xml
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Friday, February 17, 2012 11:07 AM
To: Tomcat Users List
Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20
> From: Mich
> From: Michela, Andrew J (LABOR) [mailto:andrew.mich...@labor.ny.gov]
> Subject: RE: Basic Authentication Valve not hitting on Tomcat7.0.20
> I have that in the server.xml(see below) still no luck.
>
??? Please read the servlet spec and the Tomcat doc, and show us where the
AM
To: Tomcat Users List
Subject: Re: Basic Authentication Valve not hitting on Tomcat7.0.20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 2/16/12 2:28 PM, Michela, Andrew J (LABOR) wrote:
> I have that in the server.xml still no luck
You have *what* in server.xml, and what does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 2/16/12 2:28 PM, Michela, Andrew J (LABOR) wrote:
> I have that in the server.xml still no luck
You have *what* in server.xml, and what does "no luck" mean?
Did you reply to the wrong thread?
- -chris
-BEGIN PGP SIGNATURE-
Versi
List
Subject: Re: Basic Authentication Valve not hitting on Tomcat7.0.20
2012/2/16 Christopher Schultz :
>
> On 2/16/12 8:26 AM, Sachin Mehrotra wrote:
>> BASIC My App
>> Realm
>
> I believe if you set to BASIC, Tomcat will add its own
> Valve to the valve chain. If
2012/2/16 Christopher Schultz :
>
> On 2/16/12 8:26 AM, Sachin Mehrotra wrote:
>> BASIC My App
>> Realm
>
> I believe if you set to BASIC, Tomcat will add its own
> Valve to the valve chain. If you don't set the here but
> still add your to context.xml, does that improve things?
>
IIRC Tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sachin,
On 2/16/12 8:26 AM, Sachin Mehrotra wrote:
> BASIC My App
> Realm
I believe if you set to BASIC, Tomcat will add its own
Valve to the valve chain. If you don't set the here but
still add your to context.xml, does that improve things?
-
On 16/02/2012 13:26, Sachin Mehrotra wrote:
> Do your logs indicate your custom authenticator is active or does it
> throw an error?
> ANS-->>> tomcat logs and other logs doesn't show any exception or even
> traces added in the valve class. In Tomcat 6 we are able to see logs
> added in our impleme
Do your logs indicate your custom authenticator is active or does it
throw an error?
ANS-->>> tomcat logs and other logs doesn't show any exception or even
traces added in the valve class. In Tomcat 6 we are able to see logs
added in our implemementation of AuthenticatorBase class.
How had you co
On 16/02/2012 12:30, Sachin Mehrotra wrote:
> Hi
>
> After upgrade from Tomcat 6 to Tomcat 7.0.20, our Basic Authentication
> valve is not hitting. It seems it is overlooking our implementation of
> Basic Authentication.
> Below is the implementation:
> We are having Realm that is doing authentica
2010/3/28 Binu Kuttikkattu Idicula :
> It is in corejspbean.war and after trying out
> /StringBean.jsp, the access is restricted only to
> the StringBean.jsp which was the real need. Thanks.
>
> A little curious about URL pattern if it is in webapps/corejspbean.. Does
> the pattern change? Is there
It is in corejspbean.war and after trying out
/StringBean.jsp, the access is restricted only to
the StringBean.jsp which was the real need. Thanks.
A little curious about URL pattern if it is in webapps/corejspbean.. Does
the pattern change? Is there any rule/documentation mentioing this?
On Sun,
2010/3/28 Binu Kuttikkattu Idicula :
> The exact URL which I access is
> http://localhost:8080/corejspbean/StringBean.jsp . How do I define a
> URLPattern for this?
/StringBean.jsp
I suppose that your application is "corejspbean.war" or is in
webapps/corejspbean
-
/*
Hi Harry,
When I replaced url to /* it is asking for a
user name password. The exact URL which I access is
http://localhost:8080/corejspbean/StringBean.jsp . How do I define a
URLPattern for this?
Thank you for your quick help.
Binu K Idicula
On Sun, Mar 28, 2010 at 5:56 PM, Harry Metske
I would think your url-pattern is not valid :
/*corejspbean*/StringBean.jsp
I don't know the exact rules for the pattern, but could you try first with
/* and see if that works, and then tweak the url-pattern further to your
needs ?
regards,
Harry
2010/3/28 Binu Kuttikkattu Idicula
> > Hi,
> >
> Hi,
>I was trying a very basic example of authentication using HTTP Basic
> Authentication. However this seems not working in TOMCAT 6.0.20 for my
> application. Here is the web.xml which tells about login
>
>
>
>
> application
>
>
>
>
>
>
>
>
>
> JSP
>
> /*corejspbean*/StringBean.jsp
>
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 1/21/2010 6:35 PM, André Warnier wrote:
Basically, I would tend to say that if the server knows who the clients
are and vice-versa, you should be free to use any encoding you want,
with the limitation that what
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 1/21/2010 6:35 PM, André Warnier wrote:
> Basically, I would tend to say that if the server knows who the clients
> are and vice-versa, you should be free to use any encoding you want,
> with the limitation that what is exchanged on the wire
To get back to the underlying issue :
Auth Gábor wrote:
So... this is the real chaos... :)
Yes.
By the way, my users are not use HTML browsers, they are using JAX-WS in their
client program, and the JAX-WS sends authentication data in UTF-8 (like
Opera), because the default encoding is U
Christopher Schultz wrote:
...
Nice that someone looked at actual behavior of the browsers.
There is an easy way to find out what really happens.
Gábor,
I presume that you have a workstation set for iso-8859-2 (or whichever
non iso-8859-1 charset is appropriate for Magyar, I forgot), and a
b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gábor,
On 1/21/2010 9:16 AM, Auth Gábor wrote:
> Mark Thomas wrote:
>>OCTET =
>>CTL= > (octets 0 - 31) and DEL (127)>
>>
>> So actually, Tomcat is correct in the current treatment of creden
Hi,
Mark Thomas wrote:
>OCTET =
>CTL= (octets 0 - 31) and DEL (127)>
>
> So actually, Tomcat is correct in the current treatment of credentials.
> Therefore, not a bug.
Yes, but the UTF-8 encoded text is contains any 8-bit sequence o
Mark Thomas wrote:
On 21/01/2010 06:55, André Warnier wrote:
Mark Thomas wrote:
The authorisation header is base64
encoded so it is automatically compliant with RFC2616.
Yes, it sounds like you're right; my mistake.
(Also for Gabor, I admit my mistake.)
I agree that the HTTP header itself is
On 21/01/2010 06:55, André Warnier wrote:
> Mark Thomas wrote:
>> The authorisation header is base64
>> encoded so it is automatically compliant with RFC2616.
>>
> Yes, it sounds like you're right; my mistake.
> (Also for Gabor, I admit my mistake.)
>
> I agree that the HTTP header itself is corre
Mark Thomas wrote:
On 21/01/2010 06:12, André Warnier wrote:
Auth Gábor wrote:
Hi,
I've found a potential bug in the Basic Authentication module. I have
users and some user's username is contains national characters
(encoded in UTF-8). The HTTP header based authentication is fails when
the use
On 21/01/2010 06:12, André Warnier wrote:
> Auth Gábor wrote:
>> Hi,
>>
>> I've found a potential bug in the Basic Authentication module. I have
>> users and some user's username is contains national characters
>> (encoded in UTF-8). The HTTP header based authentication is fails when
>> the usernam
Hi,
André Warnier wrote:
>> I've found a potential bug in the Basic Authentication module. I have
>> users and some user's username is contains national characters (encoded
>> in UTF-8). The HTTP header based authentication is fails when the
>> username or the password contains multibyte character
On 21/01/2010 05:54, Auth Gábor wrote:
> Hi,
>
> I've found a potential bug in the Basic Authentication module. I have users
> and some user's username is contains national characters (encoded in UTF-8).
> The HTTP header based authentication is fails when the username or the
> password contain
Auth Gábor wrote:
Hi,
I've found a potential bug in the Basic Authentication module. I have users
and some user's username is contains national characters (encoded in UTF-8).
The HTTP header based authentication is fails when the username or the
password contains multibyte characters.
The r
There's one thing you may do: implement an authentication web service on
tomcat's side. Make a wsdl service running on it accepting request on
whether given encrypted session id is a valid one, service does check either
a running session use that id and simply replies OK or KO. But that means
imple
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tokajac,
On 5/3/2009 2:06 PM, Tokajac wrote:
> User should access the application directly (not proxying).
> On
> http://hc.apache.org/httpclient-3.x/tutorial.html
> as I see header is created for programatic access and not via browser.
>
> Is it pos
Hi.
So now we're making progress.
Unfortunately, I don't think that there is a "simple" solution.
I think that the easiest solution to implement in this case, would be :
- remove the authentication filter you have at the Tomcat level.
- put an Apache httpd front-end to /both/ your Struts applica
Answer on the FIRST question:
I want to have Struts and php applications on separate hosts (if possible).
If not, I will consider possibility for putting them on same host...
SECOND:
Tomcat application is using j_security_check, not Basic authentication.
User-id and password are kept in sessio
Mmmm wait.. I think I am starting to understand what you want.
A question first : are the Tomcat server (+Struts) and the php
application on the same host ?
A second question : does your Tomcat host know the login user-id and
password of the users ? In other words, can the host where Tomcat r
Tokajac wrote:
I think my idea would be scenario 4.)
I want to:
1.)
Open a browser and write Tomcat application's address
(localhost:8080/myapp);
2.)
Write username and password in login fields of the application;
3.)
Save credentials in session after successful login;
4.)
Have link to comp
I think my idea would be scenario 4.)
I want to:
1.)
Open a browser and write Tomcat application's address
(localhost:8080/myapp);
2.)
Write username and password in login fields of the application;
3.)
Save credentials in session after successful login;
4.)
Have link to completely separate ap
Imre,
just repeating some of the things you've said previously :
Tokajac wrote:
I want to connect applications: one is running on Tomcat (Java/Struts) with
another (php).
I want to pass credentials after link is clicked, so I don't need to fill
the username and password informations. I s
The browser takes care of that, and you should not be trying to over-
ride it.
If you don't want to retype the username/password all the time, then
you can
tell teh browser to remember the password, or have the server in
question not
asking for the password, understanding the consequences - th
Thank you for the link, André-John!
User should access the application directly (not proxying).
On
http://hc.apache.org/httpclient-3.x/tutorial.html
as I see header is created for programatic access and not via browser.
Is it possible to do this when I use browser for accessing? How?
Regards
On 3-May-2009, at 08:11, Tokajac wrote:
Now why would you want to do that ?
I want to connect applications: one is running on Tomcat (Java/
Struts) with
another (php).
I have an application running on Tomcat that has a link to other
application
which is on another server. Application on
>Now why would you want to do that ?
I want to connect applications: one is running on Tomcat (Java/Struts) with
another (php).
I have an application running on Tomcat that has a link to other application
which is on another server. Application on another server is protected with:
http://en.wikip
Tokajac wrote:
Hello!
I'm developing a Tomcat, Struts application.
I want to send credentials to the Authentication Dialog that's shown by
application which is running on another server.
With this idea, I'd connect 2 application: the Tomcat application should
have a redirection link to the oth
Tom Cat wrote:
> /myAdmin/admin.html
This should be:
/admin.html
>
> I think this should be enough to require authentication when someone
> goes to http://localhost:8080/myAdmin/admin.html on the local machine.
> And yet, it allows everyone access to the page, without even promptin
Hi Chris,
I figured out why the code I wrote did not work(had to look into the
Authentication class inside Tomcat source code to figure it out!).
The reason was when I was setting Request Property for Authentication, I
was missing a space
setRequestProperty("Authorization","Basic"+Base64.encode(in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ram,
[EMAIL PROTECTED] wrote:
| with authentication turned
| on, i receive a HTTP 401 error from the server when i try to undeploy.
This is how it's supposed to work.
| I am using standard code to access the tomcat manager, and am using basic
| aut
At 06:05 PM 7/13/2007, you wrote:
"Thomas Hicks" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I have a web application which uses BASIC authentication.
>
> In Tomcat 5.0.28 (under Java 1.5 and Fedora Core 4) accessing
> the protected webapp causes the browser to popup a login box
"Thomas Hicks" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>I have a web application which uses BASIC authentication.
>
> In Tomcat 5.0.28 (under Java 1.5 and Fedora Core 4) accessing
> the protected webapp causes the browser to popup a login box
> where username and password are
> From: Thomas Hicks [mailto:[EMAIL PROTECTED]
> Subject: BASIC authentication in Tomcat 5.5.x vs. 5.0.x?
>
> The web.xml file for the web application contains the
> following security configuration portion, which enables
> password access in 5.0.x but doesn't work in 5.5.x:
The problem is very
Zohar wrote:
> Hello list,
> I'm using BASIC authentication with tomcat 5.5 and I wanted to know whether
> it is possible to return some text when the user login fails (e.g. "you typed
> in the wrong password"). Is it?
Short answer: no.
This sort of behaviour is generally a bad idea as it gives
jamurph wrote:
>>From your response, it looks like JNDI, JDBC, digested passwords with digest
> authentication, are not supported until Tomcat version 5.5.5? It would
> explain why DIGEST with JNDI / JDBC doesn't work if running tomcat 5.0.28.
> I'm looking in the release notes but cann't see anyth
Mark, I've running Tomcat 5.0.28. BASIC is working ok with JDBC and JNDI, but
when I change to DIGEST, login fails (401). I don't see anything in the log
files and it looks like Tomcat isn't even trying to authenticate the user.
Cann't see anything in LDAP logs for example. The password is stored
[mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 08, 2006 4:38 PM
To: Tomcat Users List
Subject: Re: BASIC authentication to DIGEST authentication
Jay Burgess wrote:
> Given that I've got BASIC authentication working for my webapp using cleartext
> passwords, shouldn't I simply be
Jay Burgess wrote:
> Given that I've got BASIC authentication working for my webapp using cleartext
> passwords, shouldn't I simply be able to change my from "BASIC"
> to
> "DIGEST" in and it should start working using digest
> authentication?
>
> It's not, obviously, but I've seen previous p
63 matches
Mail list logo
