Authentication Issues

Tue, 26 Aug 2008 12:06:40 -0700 

Hello All,
I am having a very difficult time using Tomcat authentication. Here is the situation: 


For right now I am using BASIC authentication.  There are 3 roles 
defined in the tomcat-users.xml file.  To access different areas of my 
application requires different levels of roles.  I want my users to be 
able to click on a link and if they don't meet the role requirement have 
the Authentication Requested login box pop-up so someone with the proper 
level of access can simply login right there and go to the requested 
screen.  Instead of this happening all I get is an HTTP error page 
saying  that the request resource is protected.  The user then has to 
close their browser and re-open it to log in as another user with a 
different role.  It would make sense to me that Tomcat has a way of 
handling this issue, but I can't for the life of me find it.  HELP!!!!



I have also tried to simply implement a logout function that removes the 
current session and (supposedly) deletes the persistent cookie and 
presents the user with a screen that has a link to a page that requires 
a login.  It should (IMHO) present them with the login box once they 
click the link since the session and cookie were removed, but it 
doesn't.  I've monitored the Tomcat sessions through the manager 
application and I know that the session is being removed for sure but it 
doesn't seem that the cookie is being removed.  Here is the code for the 
utility that removes the session and cookie:


package logic;

import javax.servlet.http.*;
import javax.servlet.http.HttpSession.*;
import java.io.*;
import javax.servlet.*;

public class CookieUtil extends HttpServlet
{
 protected void doGet(HttpServletRequest request,
           HttpServletResponse response)
           throws ServletException, IOException
 {
   HttpSession session = request.getSession();
   session.invalidate();

   Cookie[] cookies = request.getCookies();
   for (int i=0; i<cookies.length; i++)
   {
   Cookie cookie = cookies[i];
   cookie.setMaxAge(0); //delete the cookie
   }

   response.sendRedirect("loggedout.vm");
 }
}



I'm using Tomcat 6 with the VRaptor and Velocity frameworks. 


If anyone can help me with this it would be greatly appreciated!

Erik Rumppe
PAII
University of California, Berkeley - LSO

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to