Help getting form-based authentication example working

Tue, 01 May 2007 10:39:34 -0700 

Hello,
I'm having problems getting the form-based authentication example that ships with Tomcat 6 to work properly. 

I have followed all the instructions at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

to make the form authentication example using MemoryRealm to work for

http://myserver:9090/examples/jsp/security/protected/

but when I access this URL, I get the protected page that says:

You are logged in as remote user null in session BLAH...
No user principal could be identified.


I understand that this page should redirect me to the login.jsp page 
instead where I can enter user1/test.



Here's what I did:

$CATALINA_HOME/conf/server.xml:

<Realm className="org.apache.catalina.realm.MemoryRealm" />


$CATALINA_HOME/conf/tomcat-users.xml:

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="user2" password="test" roles="role1"/>
  <user username="user1" password="test" roles="tomcat"/>
</tomcat-users>


$CATALINA_HOME/webapps/examples/WEB-INF/web.xml:

<security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
         <web-resource-name>Protected Area</web-resource-name>
         <!-- Define the context-relative URL(s) to be protected -->
         <url-pattern>/security/protected/*</url-pattern>
         <!-- If you list http methods, only those methods are protected -->
         <http-method>DELETE</http-method>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
         <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
         <!-- Anyone with one of the listed roles may access this area -->
         <role-name>tomcat</role-name>
         <role-name>role1</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Example Form-Based Authentication Area</realm-name>
      <form-login-config>


<form-login-page>/jsp/security/protected/login.jsp</form-login-page> 
  <form-error-page>/jsp/security/protected/error.jsp</form-error-page>

      </form-login-config>
    </login-config>



Any help would be much appreciated.  I'm running Tomcat on a Solaris 
workstation and accessing it from my Windows client with Firefox.


Regards,
Frank

--
Frank McCown
Old Dominion University
http://www.cs.odu.edu/~fmccown/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to