At the precise moment of 01/22/07 17:05, Marcel Frehner expressed himself in these terms:
> Thank you for your answer David. My conclusion would be to move my
> protected resources to a separate folder and adjust my web.xml
> accordingly. Of course you were absolutely right about the 403 status.
> My Firefox had an existing but not authorised user stored and I kept
> testing with that one.
>
> And instead of a link from the error.html back to the login.html, I
> would either add a login form to the error page or link to a page that
> needs authentication and causes Tomcat to return the login form again,
> wouldn't I?

Add a link on the error page back to an area needing authentication, so Tomcat shows the login form again.

> I think I understand that now, thanks!
> Marcel
>
> At 16:29 22.01.2007 +0100, you wrote:
>> I see several potential problems as a side note before the core
>> problem...
>> First, you map your security constraint to /*; that means *nothing* in
>> your webapp will be accessible prior to login, and this includes
>> pictures and CSS.
>> Second, be aware never to access login.html directly; it should be
>> Tomcat that sends the content of login.html to the user upon needing
>> authentication. To make your test, for example, direct your browser to
>> /index.html (yes, authentication takes place even if the file does not
>> exist :p). Take this into account when adding a 'link' to the login form in
>> your error document.
>>
>> Now, the core of the problem. Tomcat sends an error 403 header along with the
>> content of your error page. This happens when your credentials have been
>> accepted and you are authenticated, but you don't have the required
>> access right. (Common example: you are a 'user' but not an 'admin'; you
>> try to access the admin panel, and Tomcat will refuse you, but not present
>> you the authentication form because you are already identified.)
>>
>>
>> At the precise moment of 01/22/07 16:11, Marcel Frehner expressed himself in these
>> terms:
>> > I'm trying to set up form-based authentication in a JSF application on
>> > Tomcat 5.5.4. I've got a login page, a welcome page and an error page.
>> > On entering the right username and password I get redirected to
>> > welcome.jsp. On entering the wrong credentials IE displays my custom
>> > error.html with a link back to login.html where I can try with the
>> > right password again. So far so good.
>> >
>> > Firefox 2.0, however, displays "HTTP Status 403 - Access to the
>> > requested resource has been denied" if the wrong credentials are
>> > entered. I can't get back to the login page anymore, even with the
>> > back button in the browser. Logging in with the correct credentials
>> > works as expected.
>> >
>> > I understand that Tomcat forwards control to the error page configured
>> > in web.xml if authentication fails. I can't see any browser dependency
>> > here. Or does it do a redirect, i.e. go back to the browser first?
>> >
>> > When setting up the application I followed Sun's Java 5 EE Tutorial
>> > (Chapter 30: Securing Web Applications), leaving out the mapping of
>> > roles to user groups as I haven't got any server groups.
>> >
>> > The settings in the Tomcat admin application, which works fine, seem
>> > to be equivalent to mine, although hard to compare as it is Struts and
>> > mine is JSF.
>> >
>> > I've got an index.jsp file which takes me into the faces context.
>> > Could that cause problems?
>> >
>> > Help is appreciated very much.
>> > Marcel
>> >
>> >
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <web-app id="WebApp_ID" version="2.4"
>> >     xmlns="http://java.sun.com/xml/ns/j2ee"
>> >     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> >     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
>> >     http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
>> >   <display-name>sec24</display-name>
>> >   <servlet>
>> >     <servlet-name>Faces Servlet</servlet-name>
>> >     <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
>> >     <load-on-startup>1</load-on-startup>
>> >     <security-role-ref>
>> >       <role-name>loginUser</role-name>
>> >       <role-link>loginUser</role-link>
>> >     </security-role-ref>
>> >   </servlet>
>> >   <servlet-mapping>
>> >     <servlet-name>Faces Servlet</servlet-name>
>> >     <url-pattern>*.faces</url-pattern>
>> >   </servlet-mapping>
>> >   <welcome-file-list>
>> >     <welcome-file>index.jsp</welcome-file>
>> >   </welcome-file-list>
>> >   <security-constraint>
>> >     <display-name>SecurityConstraint</display-name>
>> >     <web-resource-collection>
>> >       <web-resource-name>WRCollection</web-resource-name>
>> >       <url-pattern>/*</url-pattern>
>> >     </web-resource-collection>
>> >     <auth-constraint>
>> >       <role-name>loginUser</role-name>
>> >     </auth-constraint>
>> >   </security-constraint>
>> >
>> >   <login-config>
>> >     <auth-method>FORM</auth-method>
>> >     <realm-name>security</realm-name>
>> >     <form-login-config>
>> >       <form-login-page>/login.html</form-login-page>
>> >       <form-error-page>/error.html</form-error-page>
>> >     </form-login-config>
>> >   </login-config>
>> >   <security-role>
>> >     <role-name>loginUser</role-name>
>> >   </security-role>
>> > </web-app>
>> >
>> >
>> > --
>> > dipl. geogr. Marcel Frehner
>> > Research Associate
>> > Eidgenössische Forschungsanstalt für Wald, Schnee und Landschaft WSL
>> > Abteilung Landschaftsinventuren
>> > Zürcherstrasse 111
>> > 8903 Birmensdorf
>> >
>> > Tel. +41-44-739 26 83
>> > [EMAIL PROTECTED]
>> > http://www.wsl.ch
>> >
>> > ----------------------------
>> >
>> > ---------------------------------------------------------------------
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>>
>
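As an added example (not configuration posted in this thread), here is a web.xml for the layout the thread arrives at: the security constraint is narrowed from /* to a protected folder so that login.html, error.html and the images and CSS they reference stay reachable before login, the redundant security-role-ref is dropped, and a transport guarantee is added so the posted credentials travel over TLS. The folder name /secure/, the unconstrained /css/ and /images/ paths, the session timeout and the presence of an HTTPS connector are assumptions, not details from the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the configuration posted in the thread.
     Assumed layout (not from the thread):
       /login.html, /error.html, /css/, /images/   unconstrained
       /secure/*                                   requires role loginUser
     plus an HTTPS connector so the CONFIDENTIAL guarantee can be met. -->
<web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
  <display-name>sec24</display-name>

  <servlet>
    <servlet-name>Faces Servlet</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>Faces Servlet</servlet-name>
    <url-pattern>*.faces</url-pattern>
  </servlet-mapping>

  <!-- The root index.jsp stays outside the constraint. It must send a
       redirect into /secure/ (not a RequestDispatcher forward), because
       constraints are checked against the request URI only. -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>

  <!-- Only the protected area is constrained. Everything the login and
       error pages reference (CSS, images) is left outside it, so the
       form renders correctly before any authentication has happened. -->
  <security-constraint>
    <display-name>Protected area</display-name>
    <web-resource-collection>
      <web-resource-name>Secure pages</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>loginUser</role-name>
    </auth-constraint>
    <!-- Redirect to HTTPS before the login form is shown, so
         j_username/j_password are never posted in the clear. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: Tomcat serves /login.html itself when an unauthenticated
       request hits /secure/*, and /error.html when j_security_check fails.
       Neither page should be linked to or requested directly. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>security</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/error.html</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>loginUser</role-name>
  </security-role>

  <!-- Assumed value: keep authenticated sessions short-lived (minutes). -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>
```

The form in login.html must post to `j_security_check` with fields named `j_username` and `j_password`, and it must be reached by requesting a protected URL such as /secure/index.jsp, never by linking to /login.html itself, since Tomcat only completes the login exchange for a form it served on its own behalf. The link on error.html should therefore point at /secure/index.jsp, not at login.html. To check the two cases David distinguishes: request /secure/index.jsp with no session and expect the login form; then authenticate as a user who exists in the realm but lacks loginUser and expect a 403 with the error page and no login form, since the container considers that user identified but not authorised.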