Hello,

I'm having problems getting the form-based authentication example that ships with Tomcat 6 to work properly.

I have followed all the instructions at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

to make the form authentication example using MemoryRealm to work for

http://myserver:9090/examples/jsp/security/protected/

but when I access this URL, I get the protected page that says:

You are logged in as remote user null in session BLAH...
No user principal could be identified.

I understand that this page should redirect me to the login.jsp page instead where I can enter user1/test.


Here's what I did:

$CATALINA_HOME/conf/server.xml:

<Realm className="org.apache.catalina.realm.MemoryRealm" />


$CATALINA_HOME/conf/tomcat-users.xml:

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="user2" password="test" roles="role1"/>
  <user username="user1" password="test" roles="tomcat"/>
</tomcat-users>


$CATALINA_HOME/webapps/examples/WEB-INF/web.xml:

<security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>

<form-login-page>/jsp/security/protected/login.jsp</form-login-page> <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
      </form-login-config>
    </login-config>


Any help would be much appreciated. I'm running Tomcat on a Solaris workstation and accessing it from my Windows client with Firefox.

Regards,
Frank

--
Frank McCown
Old Dominion University
http://www.cs.odu.edu/~fmccown/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to