Let me correct this bug report - it looks like something broke between
3.3 m1 and 3.3 m2.
Authentication always brings up a "Basic" Authentication form,
regardless of my authentication method
specified.
My first guess is that the bug was introduced in
AccessInterceptor.java. Looking at the diffs in CVS
I don't see anything obvious. Maybe I'm looking in the wrong place....
Any thoughts?
-Tom
Thomas Riemer wrote:
> I'm trying to get 3.3 M2 URL Session rewriting to work.
>
> My server.xml includes:
>
> <SessionId cookiesFirst="false" noCookies="false" />
>
> My web.xml includes:
>
> <login-config>
> <auth-method>FORM</auth-method>
> <realm-name>SOMEREALM</realm-name>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/login.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> My login form looks like:
>
> <FORM name='loginForm' method="POST" action='<%=
> response.encodeURL("j_security_check")%>'>
> <input TYPE="text" NAME="j_username" SIZE=20 MAXLENGTH=40 tabindex=1>
> <INPUT TYPE="password" NAME="j_password" SIZE=20 tabindex=2>
> </FORM>
>
> Here is the behavior I'm seeing:
> 1) with cookies turned on for my browser, I get a "Basic" Auth popup
> request for authentication.
> I don't really understand why I am getting this, since I've
> specifically indicated FORM as my auth-method
>
> 2) When I turn on cookies on my browser, and change SessionID on
> server.xml to:
> <SessionId cookiesFirst="true" noCookies="false" />
>
> I get a form page and authentication works fine.
>
> I'm wondering if anyone has URL Session rewriting with auth FORM
> working?
> If so, is there any experiences you can offer to help me out with
> getting URL session rewriting to work.
>
> -Tom
I'm trying to get 3.3 M2 URL Session rewriting to work.
My server.xml includes:
<SessionId cookiesFirst="false" noCookies="false" />
My web.xml includes:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>SOMEREALM</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>
My login form looks like:
<FORM name='loginForm' method="POST" action='<%=
response.encodeURL("j_security_check")%>'>
<input TYPE="text" NAME="j_username" SIZE=20 MAXLENGTH=40 tabindex=1>
<INPUT TYPE="password" NAME="j_password" SIZE=20 tabindex=2>
</FORM>
Here is the behavior I'm seeing:
1) with cookies turned on for my browser, I get a "Basic" Auth popup
request for authentication.
I don't really understand why I am getting this, since I've
specifically indicated FORM as my auth-method
2) When I turn on cookies on my browser, and change SessionID on
server.xml to:
<SessionId cookiesFirst="true" noCookies="false" />
I get a form page and authentication works fine.
I'm wondering if anyone has URL Session rewriting with auth FORM
working?
If so, is there any experiences you can offer to help me out with
getting URL session rewriting to work.
-Tom
